Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:linux:linux_kernel:2.6.28:rc3
There are 1,535 matching records.
Displaying matches 1,521 through 1,535.
Vuln ID Summary CVSS Severity
CVE-2009-0676

The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.

Published: February 22, 2009; 5:30:00 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2009-0675

The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue.

Published: February 22, 2009; 5:30:00 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2009-0605

Stack consumption vulnerability in the do_page_fault function in arch/x86/mm/fault.c in the Linux kernel before 2.6.28.5 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via unspecified vectors that trigger page faults on a machine that has a registered Kprobes probe.

Published: February 17, 2009; 12:30:05 PM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2009-0322

drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/.

Published: January 28, 2009; 1:30:00 PM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2009-0269

fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index.

Published: January 26, 2009; 10:30:04 AM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2009-0031

Memory leak in the keyctl_join_session_keyring function (security/keys/keyctl.c) in Linux kernel 2.6.29-rc2 and earlier allows local users to cause a denial of service (kernel memory consumption) via unknown vectors related to a "missing kfree."

Published: January 20, 2009; 9:30:00 PM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2009-0029

The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call.

Published: January 15, 2009; 12:30:00 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2008-5702

Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1 might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call.

Published: December 22, 2008; 10:30:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2008-5701

Array index error in arch/mips/kernel/scall64-o32.S in the Linux kernel before 2.6.28-rc8 on 64-bit MIPS platforms allows local users to cause a denial of service (system crash) via an o32 syscall with a small syscall number, which leads to an attempted read operation outside the bounds of the syscall table.

Published: December 22, 2008; 10:30:00 AM -0500
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2008-5395

The parisc_show_stack function in arch/parisc/kernel/traps.c in the Linux kernel before 2.6.28-rc7 on PA-RISC allows local users to cause a denial of service (system crash) via vectors associated with an attempt to unwind a stack that contains userspace addresses.

Published: December 08, 2008; 7:30:00 PM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2008-5300

Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.

Published: December 01, 2008; 12:30:00 PM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2008-5182

The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount.

Published: November 20, 2008; 9:30:00 PM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2008-5025

Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933.

Published: November 17, 2008; 6:30:00 PM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2008-4933

Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function.

Published: November 05, 2008; 10:00:14 AM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2006-2935

The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow.

Published: July 05, 2006; 2:05:00 PM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM