Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:linux:linux_kernel:2.6.33:rc4
There are 1,426 matching records.
Displaying matches 1,161 through 1,180.
Vuln ID Summary CVSS Severity
CVE-2012-2137

Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function.

Published: January 22, 2013; 6:55:02 PM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2012-2119

Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length.

Published: January 22, 2013; 6:55:01 PM -0500
V3.x:(not available)
V2.0: 5.2 MEDIUM
CVE-2012-5532

The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669.

Published: December 27, 2012; 6:47:00 AM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2012-2669

The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message.

Published: December 27, 2012; 6:47:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2012-5517

The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator.

Published: December 21, 2012; 6:47:36 AM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2012-4565

The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats.

Published: December 21, 2012; 6:47:36 AM -0500
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2012-4508

Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.

Published: December 21, 2012; 6:47:36 AM -0500
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2012-4444

The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments.

Published: December 21, 2012; 6:47:36 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-0957

The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality.

Published: December 21, 2012; 6:47:35 AM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2012-4467

The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a crafted ioctl call.

Published: October 10, 2012; 5:55:00 PM -0400
V3.x:(not available)
V2.0: 6.6 MEDIUM
CVE-2012-3511

Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call.

Published: October 03, 2012; 11:28:35 PM -0400
V3.x:(not available)
V2.0: 6.2 MEDIUM
CVE-2012-3552

Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic.

Published: October 03, 2012; 7:02:57 AM -0400
V3.1: 5.9 MEDIUM
V2.0: 7.1 HIGH
CVE-2012-3520

The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager.

Published: October 03, 2012; 7:02:57 AM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2012-3430

The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket.

Published: October 03, 2012; 7:02:56 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2012-3412

The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value.

Published: October 03, 2012; 7:02:56 AM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2012-3400

Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem.

Published: October 03, 2012; 7:02:56 AM -0400
V3.x:(not available)
V2.0: 7.6 HIGH
CVE-2012-3375

The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.

Published: October 03, 2012; 7:02:56 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2011-1833

Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.

Published: October 03, 2012; 7:02:55 AM -0400
V3.x:(not available)
V2.0: 3.3 LOW
CVE-2012-2745

The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call.

Published: August 09, 2012; 6:29:47 AM -0400
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2012-2744

net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets.

Published: August 09, 2012; 6:29:46 AM -0400
V3.x:(not available)
V2.0: 7.8 HIGH