Max CVSS | 10.0 | Min CVSS | 1.2 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2017-1000253 | 7.2 |
Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4f
|
11-09-2024 - 11:12 | 05-10-2017 - 01:29 | |
CVE-2016-5195 | 7.2 |
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in Oc
|
24-07-2024 - 14:27 | 10-11-2016 - 21:59 | |
CVE-2010-3904 | 7.2 |
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privile
|
27-06-2024 - 19:23 | 06-12-2010 - 20:13 | |
CVE-2009-4272 | 7.8 |
A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and
|
15-02-2024 - 20:47 | 27-01-2010 - 17:30 | |
CVE-2008-4302 | 4.9 |
fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a deni
|
15-02-2024 - 20:24 | 29-09-2008 - 17:17 | |
CVE-2009-3238 | 7.8 |
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via v
|
15-02-2024 - 03:30 | 18-09-2009 - 10:30 | |
CVE-2009-2698 | 7.2 |
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vecto
|
28-12-2023 - 15:22 | 27-08-2009 - 17:30 | |
CVE-2012-2136 | 7.2 |
The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly g
|
12-10-2023 - 14:12 | 09-08-2012 - 10:29 | |
CVE-2013-0871 | 6.9 |
Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.
|
11-08-2023 - 18:43 | 18-02-2013 - 04:41 | |
CVE-2017-1000112 | 6.9 |
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE, __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from
|
07-06-2023 - 12:46 | 05-10-2017 - 01:29 | |
CVE-2014-0181 | 2.1 |
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configura
|
16-04-2023 - 15:15 | 27-04-2014 - 00:55 | |
CVE-2017-8824 | 7.2 |
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
|
24-02-2023 - 18:32 | 05-12-2017 - 09:29 | |
CVE-2013-4162 | 4.7 |
The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) vi
|
13-02-2023 - 04:44 | 29-07-2013 - 13:59 | |
CVE-2013-2237 | 2.1 |
The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message fr
|
13-02-2023 - 04:44 | 04-07-2013 - 21:55 | |
CVE-2012-6075 | 9.3 |
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly ex
|
13-02-2023 - 04:37 | 13-02-2013 - 01:55 | |
CVE-2012-3510 | 5.6 |
Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskst
|
13-02-2023 - 04:34 | 03-10-2012 - 11:02 | |
CVE-2012-3400 | 7.6 |
Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesyst
|
13-02-2023 - 04:34 | 03-10-2012 - 11:02 | |
CVE-2012-3515 | 7.2 |
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device mode
|
13-02-2023 - 04:34 | 23-11-2012 - 20:55 | |
CVE-2012-3375 | 4.9 |
The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via
|
13-02-2023 - 04:33 | 03-10-2012 - 11:02 | |
CVE-2012-2100 | 7.1 |
The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denia
|
13-02-2023 - 04:33 | 03-07-2012 - 16:40 | |
CVE-2011-4110 | 2.1 |
The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a
|
13-02-2023 - 04:32 | 27-01-2012 - 15:55 | |
CVE-2011-4348 | 7.1 |
Race condition in the sctp_rcv function in net/sctp/input.c in the Linux kernel before 2.6.29 allows remote attackers to cause a denial of service (system hang) via SCTP packets. NOTE: in some environments, this issue exists because of an incomplete
|
13-02-2023 - 04:32 | 08-06-2013 - 13:05 | |
CVE-2011-2901 | 5.5 |
Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits.
|
13-02-2023 - 04:31 | 01-10-2013 - 17:55 | |
CVE-2011-2689 | 4.9 |
The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arra
|
13-02-2023 - 04:31 | 28-07-2011 - 22:55 | |
CVE-2011-1478 | 5.7 |
The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of servic
|
13-02-2023 - 04:29 | 23-10-2011 - 10:55 | |
CVE-2010-4343 | 4.7 |
drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file.
|
13-02-2023 - 04:28 | 29-12-2010 - 18:00 | |
CVE-2010-4248 | 4.9 |
Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers
|
13-02-2023 - 04:28 | 30-11-2010 - 21:38 | |
CVE-2010-4526 | 7.1 |
Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked b
|
13-02-2023 - 04:28 | 11-01-2011 - 03:00 | |
CVE-2010-3081 | 7.2 |
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to
|
13-02-2023 - 04:22 | 24-09-2010 - 20:00 | |
CVE-2010-2240 | 7.2 |
The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent at
|
13-02-2023 - 04:21 | 03-09-2010 - 20:00 | |
CVE-2010-1641 | 4.6 |
The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request.
|
13-02-2023 - 04:19 | 01-06-2010 - 20:30 | |
CVE-2010-0437 | 7.8 |
The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a deni
|
13-02-2023 - 04:16 | 24-03-2010 - 13:34 | |
CVE-2010-2524 | 4.6 |
The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local user
|
13-02-2023 - 03:16 | 08-09-2010 - 20:00 | |
CVE-2009-3726 | 7.8 |
The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect
|
13-02-2023 - 02:20 | 09-11-2009 - 19:30 | |
CVE-2009-2407 | 6.9 |
Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vecto
|
13-02-2023 - 02:20 | 31-07-2009 - 19:00 | |
CVE-2008-2365 | 4.7 |
Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another
|
13-02-2023 - 02:19 | 30-06-2008 - 21:41 | |
CVE-2008-3275 | 4.9 |
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denia
|
13-02-2023 - 02:19 | 12-08-2008 - 23:41 | |
CVE-2008-2812 | 7.2 |
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) ha
|
13-02-2023 - 02:19 | 09-07-2008 - 00:41 | |
CVE-2009-0778 | 7.1 |
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of a
|
13-02-2023 - 02:19 | 12-03-2009 - 15:20 | |
CVE-2008-0600 | 7.2 |
The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vuln
|
13-02-2023 - 02:18 | 12-02-2008 - 21:00 | |
CVE-2008-0001 | 3.6 |
VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.
|
13-02-2023 - 02:18 | 15-01-2008 - 20:00 | |
CVE-2011-3347 | 4.6 |
A certain Red Hat patch to the be2net implementation in the kernel package before 2.6.32-218.el6 on Red Hat Enterprise Linux (RHEL) 6, when promiscuous mode is enabled, allows remote attackers to cause a denial of service (system crash) via non-membe
|
13-02-2023 - 01:20 | 08-06-2013 - 13:05 | |
CVE-2011-3346 | 4.0 |
Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command.
|
13-02-2023 - 01:20 | 01-04-2014 - 06:35 | |
CVE-2011-2723 | 5.7 |
The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of servic
|
13-02-2023 - 01:20 | 06-09-2011 - 15:55 | |
CVE-2011-2492 | 1.9 |
The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to
|
13-02-2023 - 01:19 | 28-07-2011 - 22:55 | |
CVE-2009-3613 | 7.8 |
The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of netwo
|
13-02-2023 - 01:17 | 19-10-2009 - 20:00 | |
CVE-2015-5279 | 7.2 |
Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
|
13-02-2023 - 00:52 | 28-09-2015 - 16:59 | |
CVE-2014-7822 | 7.2 |
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unsp
|
13-02-2023 - 00:42 | 16-03-2015 - 10:59 | |
CVE-2013-4355 | 1.5 |
Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated m
|
13-02-2023 - 00:28 | 01-10-2013 - 17:55 | |
CVE-2013-1826 | 6.2 |
The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointe
|
13-02-2023 - 00:27 | 22-03-2013 - 11:59 | |
CVE-2012-5513 | 6.9 |
The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memor
|
13-02-2023 - 00:26 | 13-12-2012 - 11:53 | |
CVE-2012-1583 | 5.0 |
Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets.
|
13-02-2023 - 00:24 | 16-06-2012 - 21:55 | |
CVE-2012-2313 | 1.2 |
The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.
|
13-02-2023 - 00:24 | 13-06-2012 - 10:24 | |
CVE-2012-0029 | 7.4 |
Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via craf
|
13-02-2023 - 00:22 | 27-01-2012 - 15:55 | |
CVE-2011-2525 | 7.2 |
The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL poin
|
13-02-2023 - 00:18 | 02-02-2012 - 04:09 | |
CVE-2017-6074 | 7.2 |
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double
|
10-02-2023 - 00:53 | 18-02-2017 - 21:59 | |
CVE-2017-7895 | 10.0 |
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted reque
|
19-01-2023 - 16:13 | 28-04-2017 - 10:59 | |
CVE-2016-7117 | 10.0 |
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
|
19-01-2023 - 16:13 | 10-10-2016 - 11:00 | |
CVE-2012-0207 | 7.8 |
The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.
|
17-01-2023 - 21:31 | 17-05-2012 - 11:00 | |
CVE-2014-9322 | 7.2 |
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access t
|
17-01-2023 - 21:29 | 17-12-2014 - 11:59 | |
CVE-2017-1000379 | 7.2 |
The Linux Kernel running on AMD64 systems will sometimes map the contents of a PIE executable, the heap or ld.so to where the stack is mapped, allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.
|
17-01-2023 - 21:03 | 19-06-2017 - 16:29 | |
CVE-2008-2729 | 4.9 |
arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.
|
03-02-2022 - 19:57 | 30-06-2008 - 22:41 | |
CVE-2015-3456 | 7.7 |
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_
|
17-11-2021 - 22:15 | 13-05-2015 - 18:59 | |
CVE-2018-3639 | 2.1 |
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access vi
|
13-08-2021 - 15:26 | 22-05-2018 - 12:29 | |
CVE-2014-3917 | 3.3 |
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a lar
|
15-07-2021 - 19:16 | 05-06-2014 - 17:55 | |
CVE-2009-2848 | 5.9 |
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone
|
28-08-2020 - 13:10 | 18-08-2009 - 21:00 | |
CVE-2019-5489 | 2.1 |
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this af
|
24-08-2020 - 17:37 | 07-01-2019 - 17:29 | |
CVE-2018-3646 | 4.7 |
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fau
|
24-08-2020 - 17:37 | 14-08-2018 - 19:29 | |
CVE-2014-1738 | 2.1 |
The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from
|
21-08-2020 - 18:29 | 11-05-2014 - 21:55 | |
CVE-2010-3477 | 2.1 |
The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to o
|
14-08-2020 - 14:03 | 21-09-2010 - 20:00 | |
CVE-2011-1083 | 4.9 |
The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create a
|
12-08-2020 - 16:46 | 04-04-2011 - 12:27 | |
CVE-2010-0727 | 4.9 |
The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, do not properly remove POSIX locks on files that are setgid without group-execute
|
07-08-2020 - 15:13 | 16-03-2010 - 19:30 | |
CVE-2010-4805 | 7.8 |
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to
|
04-08-2020 - 17:52 | 26-05-2011 - 16:55 | |
CVE-2018-8897 | 7.2 |
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that
|
03-10-2019 - 00:03 | 08-05-2018 - 18:29 | |
CVE-2013-4299 | 6.0 |
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.
|
22-04-2019 - 17:48 | 24-10-2013 - 10:53 | |
CVE-2013-4494 | 5.2 |
Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors.
|
13-12-2018 - 17:49 | 02-11-2013 - 18:55 | |
CVE-2010-1086 | 7.8 |
The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Point
|
16-11-2018 - 16:17 | 06-04-2010 - 22:30 | |
CVE-2009-4538 | 10.0 |
drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a r
|
16-11-2018 - 15:53 | 12-01-2010 - 17:30 | |
CVE-2014-8867 | 4.9 |
The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks proper bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) v
|
30-10-2018 - 16:27 | 01-12-2014 - 15:59 | |
CVE-2014-4021 | 2.7 |
Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.
|
30-10-2018 - 16:26 | 18-06-2014 - 19:55 | |
CVE-2015-2151 | 7.2 |
The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly
|
30-10-2018 - 16:26 | 12-03-2015 - 14:59 | |
CVE-2008-1669 | 6.9 |
Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table."
|
30-10-2018 - 16:26 | 08-05-2008 - 00:20 | |
CVE-2007-0958 | 2.1 |
Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073.
|
30-10-2018 - 16:25 | 15-02-2007 - 18:28 | |
CVE-2007-2242 | 7.8 |
The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.
|
16-10-2018 - 16:42 | 25-04-2007 - 16:19 | |
CVE-2007-4993 | 6.9 |
pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec st
|
15-10-2018 - 21:39 | 27-09-2007 - 17:17 | |
CVE-2007-4573 | 7.2 |
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users t
|
15-10-2018 - 21:36 | 24-09-2007 - 22:17 | |
CVE-2008-5300 | 4.9 |
Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulne
|
11-10-2018 - 20:54 | 01-12-2008 - 17:30 | |
CVE-2010-3015 | 4.7 |
Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a
|
10-10-2018 - 20:00 | 20-08-2010 - 18:00 | |
CVE-2009-1337 | 4.4 |
The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies
|
10-10-2018 - 19:36 | 22-04-2009 - 15:30 | |
CVE-2007-6694 | 7.8 |
The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which t
|
03-10-2018 - 21:52 | 29-01-2008 - 20:00 | |
CVE-2012-2625 | 2.7 |
The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image.
|
13-04-2018 - 13:00 | 31-10-2012 - 16:55 | |
CVE-2016-9637 | 3.7 |
The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.
|
08-02-2018 - 02:29 | 17-02-2017 - 02:59 | |
CVE-2015-5366 | 5.0 |
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect chec
|
05-01-2018 - 02:30 | 31-08-2015 - 10:59 | |
CVE-2015-1805 | 7.2 |
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a den
|
05-01-2018 - 02:30 | 08-08-2015 - 10:59 | |
CVE-2013-7263 | 4.9 |
The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or
|
16-12-2017 - 02:29 | 06-01-2014 - 16:55 | |
CVE-2013-3235 | 4.9 |
net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom syste
|
29-11-2017 - 02:29 | 22-04-2013 - 11:41 | |
CVE-2007-3107 | 2.1 | The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to | 11-10-2017 - 01:32 | 10-07-2007 - 22:30 | |
CVE-2007-2525 | 4.9 | Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN | 11-10-2017 - 01:32 | 08-05-2007 - 23:19 | |
CVE-2007-1388 | 4.4 | The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel before 2.6.20, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero o | 11-10-2017 - 01:31 | 10-03-2007 - 19:19 | |
CVE-2007-0998 | 4.3 | The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demons | 11-10-2017 - 01:31 | 20-03-2007 - 10:19 | |
CVE-2009-0065 | 10.0 | Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large | 29-09-2017 - 01:33 | 07-01-2009 - 19:30 | |
CVE-2008-4993 | 6.9 | qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file. | 29-09-2017 - 01:32 | 07-11-2008 - 19:36 | |
CVE-2008-4576 | 7.8 | sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the O | 29-09-2017 - 01:32 | 15-10-2008 - 20:07 | |
CVE-2008-1615 | 4.9 | Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls. | 29-09-2017 - 01:30 | 08-05-2008 - 00:20 | |
CVE-2008-2004 | 4.9 | The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the gue | 29-09-2017 - 01:30 | 12-05-2008 - 22:20 | |
CVE-2008-1952 | 2.1 | The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service (crash) by mapping an arbitrary amount of guest memory. | 29-09-2017 - 01:30 | 23-06-2008 - 19:41 | |
CVE-2007-5494 | 4.9 | Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP. | 29-09-2017 - 01:29 | 30-11-2007 - 02:46 | |
CVE-2007-4574 | 4.7 | Unspecified vulnerability in the "stack unwinder fixes" in kernel in Red Hat Enterprise Linux 5, when running on AMD64 and Intel 64, allows local users to cause a denial of service via unknown vectors. | 29-09-2017 - 01:29 | 23-10-2007 - 10:46 | |
CVE-2007-3851 | 6.0 | The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a | 29-09-2017 - 01:29 | 13-08-2007 - 19:17 | |
CVE-2010-1188 | 7.1 | Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is i | 19-09-2017 - 01:30 | 31-03-2010 - 18:00 | |
CVE-2009-2849 | 4.7 | The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service (NULL pointer dereference) via vectors related to "suspend_* sysfs attributes" and the (1) suspend_lo_store or (2) suspend_hi_sto | 19-09-2017 - 01:29 | 18-08-2009 - 21:00 | |
CVE-2009-3525 | 7.2 | The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's | 19-09-2017 - 01:29 | 05-10-2009 - 19:30 | |
CVE-2013-4368 | 1.9 | The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack co | 29-08-2017 - 01:33 | 17-10-2013 - 23:55 | |
CVE-2012-4544 | 2.1 | The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted ( | 29-08-2017 - 01:32 | 31-10-2012 - 16:55 | |
CVE-2012-5515 | 4.7 | The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value. | 29-08-2017 - 01:32 | 13-12-2012 - 11:53 | |
CVE-2013-0153 | 4.7 | The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt | 29-08-2017 - 01:32 | 14-02-2013 - 22:55 | |
CVE-2011-3262 | 2.1 | tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking | 29-08-2017 - 01:30 | 19-08-2011 - 20:55 | |
CVE-2011-1763 | 7.7 | The get_free_port function in Xen allows local authenticated DomU users to cause a denial of service or possibly gain privileges via unspecified vectors involving a new event channel port. | 03-09-2015 - 14:20 | 07-01-2014 - 19:55 | |
CVE-2012-4398 | 4.9 | The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application. | 26-03-2015 - 01:59 | 18-02-2013 - 04:41 | |
CVE-2012-2934 | 1.9 | Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions a | 05-05-2014 - 05:11 | 03-12-2012 - 21:55 | |
CVE-2013-2888 | 6.2 | Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) | 04-01-2014 - 04:47 | 16-09-2013 - 13:01 |