Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:linux:linux_kernel:2.6.33:rc4
There are 1,436 matching records.
Displaying matches 1,341 through 1,360.
Vuln ID Summary CVSS Severity
CVE-2010-3876

net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures.

Published: January 03, 2011; 3:00:42 PM -0500
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2010-3875

The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.

Published: January 03, 2011; 3:00:42 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2010-3873

The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different vulnerability than CVE-2010-4164.

Published: January 03, 2011; 3:00:41 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-3448

drivers/platform/x86/thinkpad_acpi.c in the Linux kernel before 2.6.34 on ThinkPad devices, when the X.Org X server is used, does not properly restrict access to the video output control state, which allows local users to cause a denial of service (system hang) via a (1) read or (2) write operation.

Published: January 03, 2011; 3:00:25 PM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2010-4342

The aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP.

Published: December 30, 2010; 2:00:04 PM -0500
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2010-4258

The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call.

Published: December 30, 2010; 2:00:04 PM -0500
V3.x:(not available)
V2.0: 6.2 MEDIUM
CVE-2010-4158

The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter.

Published: December 30, 2010; 2:00:03 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2010-3850

The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call.

Published: December 30, 2010; 2:00:03 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2010-3849

The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.

Published: December 30, 2010; 2:00:03 PM -0500
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2010-3848

Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures.

Published: December 30, 2010; 2:00:03 PM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2010-4565

The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename.

Published: December 29, 2010; 1:00:02 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2010-4343

drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file.

Published: December 29, 2010; 1:00:02 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.7 MEDIUM
CVE-2010-3874

Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect operation.

Published: December 29, 2010; 1:00:02 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2010-3859

Multiple integer signedness errors in the TIPC implementation in the Linux kernel before 2.6.36.2 allow local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipc_msg_build function in net/tipc/msg.c and the verify_iovec function in net/core/iovec.c.

Published: December 29, 2010; 1:00:02 PM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2010-3881

arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device.

Published: December 23, 2010; 1:00:02 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2010-4347

The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_init function in drivers/acpi/debugfs.c.

Published: December 22, 2010; 4:00:19 PM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2010-4346

The install_special_mapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application.

Published: December 22, 2010; 4:00:19 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2010-4157

Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before 2.6.36.1 on 64-bit platforms allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large argument in an ioctl call.

Published: December 10, 2010; 2:00:05 PM -0500
V3.x:(not available)
V2.0: 6.2 MEDIUM
CVE-2010-3880

net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions.

Published: December 10, 2010; 2:00:04 PM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2010-3861

The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value, a different vulnerability than CVE-2010-2478.

Published: December 10, 2010; 2:00:04 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW