Search Results (Refine Search)
- CPE Product Version: cpe:/o:linux:linux_kernel:3.0:rc6
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-8133 |
arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value. Published: December 17, 2014; 6:59:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-9090 |
The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. Published: November 29, 2014; 8:59:08 PM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2014-8989 |
The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a "negative groups" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c. Published: November 29, 2014; 8:59:07 PM -0500 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2014-8884 |
Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call. Published: November 29, 2014; 8:59:06 PM -0500 |
V3.x:(not available) V2.0: 6.1 MEDIUM |
CVE-2014-7842 |
Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313. Published: November 29, 2014; 8:59:04 PM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2014-7841 |
The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. Published: November 29, 2014; 8:59:03 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-3688 |
The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. Published: November 29, 2014; 8:59:02 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-3645 |
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. Published: November 10, 2014; 6:55:06 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2012-6647 |
The futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted FUTEX_WAIT_REQUEUE_PI command. Published: May 26, 2014; 6:55:05 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2014-2889 |
Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges via a long jump after a conditional jump. Published: April 26, 2014; 8:55:05 PM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2013-7348 |
Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via vectors involving an error condition in the aio_setup_ring function. Published: April 01, 2014; 2:35:53 AM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2011-2909 |
The do_devinfo_ioctl function in drivers/staging/comedi/comedi_fops.c in the Linux kernel before 3.1 allows local users to obtain sensitive information from kernel memory via a copy of a short string. Published: February 15, 2014; 9:57:07 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2013-7281 |
The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. Published: January 08, 2014; 11:55:07 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2013-7271 |
The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. Published: January 06, 2014; 11:55:09 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2013-7270 |
The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. Published: January 06, 2014; 11:55:09 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2013-7269 |
The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. Published: January 06, 2014; 11:55:09 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2013-7268 |
The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. Published: January 06, 2014; 11:55:09 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2013-7267 |
The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. Published: January 06, 2014; 11:55:09 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2013-7266 |
The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. Published: January 06, 2014; 11:55:09 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2013-7265 |
The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. Published: January 06, 2014; 11:55:09 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |