Search Results (Refine Search)
- CPE Product Version: cpe:/o:linux:linux_kernel:3.2.10
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-2372 |
The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping. Published: January 22, 2013; 6:55:02 PM -0500 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2012-2137 |
Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function. Published: January 22, 2013; 6:55:02 PM -0500 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2012-2119 |
Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length. Published: January 22, 2013; 6:55:01 PM -0500 |
V3.x:(not available) V2.0: 5.2 MEDIUM |
CVE-2012-5532 |
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669. Published: December 27, 2012; 6:47:00 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2012-2669 |
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message. Published: December 27, 2012; 6:47:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2012-5517 |
The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator. Published: December 21, 2012; 6:47:36 AM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2012-4565 |
The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats. Published: December 21, 2012; 6:47:36 AM -0500 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2012-4508 |
Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized. Published: December 21, 2012; 6:47:36 AM -0500 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2012-0957 |
The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality. Published: December 21, 2012; 6:47:35 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2012-4467 |
The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a crafted ioctl call. Published: October 10, 2012; 5:55:00 PM -0400 |
V3.x:(not available) V2.0: 6.6 MEDIUM |
CVE-2012-3511 |
Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call. Published: October 03, 2012; 11:28:35 PM -0400 |
V3.x:(not available) V2.0: 6.2 MEDIUM |
CVE-2012-3520 |
The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager. Published: October 03, 2012; 7:02:57 AM -0400 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2012-3412 |
The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. Published: October 03, 2012; 7:02:56 AM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2012-3400 |
Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem. Published: October 03, 2012; 7:02:56 AM -0400 |
V3.x:(not available) V2.0: 7.6 HIGH |
CVE-2012-3375 |
The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083. Published: October 03, 2012; 7:02:56 AM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2012-2745 |
The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call. Published: August 09, 2012; 6:29:47 AM -0400 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2012-2373 |
The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition. Published: August 09, 2012; 6:29:46 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2012-2136 |
The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device. Published: August 09, 2012; 6:29:46 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2012-2133 |
Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of quota data. Published: July 03, 2012; 12:40:32 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2012-0045 |
The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application, as demonstrated by an NASM file. Published: July 03, 2012; 12:40:31 PM -0400 |
V3.x:(not available) V2.0: 4.7 MEDIUM |