| Max CVSS | 7.8 | Min CVSS | 4.4 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2009-3238 | 7.8 |
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via v
|
15-02-2024 - 03:30 | 18-09-2009 - 10:30 | |
| CVE-2009-2698 | 7.2 |
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vecto
|
28-12-2023 - 15:22 | 27-08-2009 - 17:30 | |
| CVE-2009-2908 | 4.9 |
The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a
|
13-02-2023 - 02:20 | 13-10-2009 - 10:30 | |
| CVE-2009-2903 | 7.1 |
Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp"N" device is not found, allows remote attackers to cause a denial of service (me
|
13-02-2023 - 01:17 | 15-09-2009 - 22:30 | |
| CVE-2009-2848 | 5.9 |
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone
|
28-08-2020 - 13:10 | 18-08-2009 - 21:00 | |
| CVE-2009-3002 | 4.9 |
The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to th
|
16-11-2018 - 15:43 | 28-08-2009 - 15:30 | |
| CVE-2009-3001 | 4.9 |
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC
|
16-11-2018 - 15:40 | 28-08-2009 - 15:30 | |
| CVE-2009-2584 | 7.2 |
Off-by-one error in the options_write function in drivers/misc/sgi-gru/gruprocfs.c in the SGI GRU driver in the Linux kernel 2.6.30.2 and earlier on ia64 and x86 platforms might allow local users to overwrite arbitrary memory locations and gain privi
|
16-11-2018 - 15:35 | 23-07-2009 - 20:30 | |
| CVE-2009-2847 | 4.9 |
The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive informati
|
10-10-2018 - 19:42 | 18-08-2009 - 21:00 | |
| CVE-2009-1883 | 4.4 |
The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage.
|
29-09-2017 - 01:34 | 18-09-2009 - 10:30 | |
| CVE-2009-3290 | 7.2 |
The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to
|
19-09-2017 - 01:29 | 22-09-2009 - 10:30 | |
| CVE-2009-2849 | 4.7 |
The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service (NULL pointer dereference) via vectors related to "suspend_* sysfs attributes" and the (1) suspend_lo_store or (2) suspend_hi_sto
|
19-09-2017 - 01:29 | 18-08-2009 - 21:00 | |
| CVE-2009-2695 | 7.2 |
The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the
|
19-09-2017 - 01:29 | 28-08-2009 - 15:30 | |
| CVE-2009-3286 | 4.6 |
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privi
|
19-09-2017 - 01:29 | 22-09-2009 - 10:30 | |
| CVE-2009-2846 | 7.8 |
The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes tha
|
17-08-2017 - 01:30 | 18-08-2009 - 21:00 | |
| CVE-2009-2767 | 7.2 |
The init_posix_timers function in kernel/posix-timers.c in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (OOPS) or possibly gain privileges via a CLOCK_MONOTONIC_RAW clock_nanosleep call that triggers a NULL point
|
17-08-2017 - 01:30 | 14-08-2009 - 15:16 | |
| CVE-2009-3288 | 4.9 |
The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as
|
15-09-2011 - 03:06 | 22-09-2009 - 10:30 |