Search Results (Refine Search)
- CPE Product Version: cpe:/o:linux:linux_kernel:3.2.72
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-0268 |
The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. Published: February 17, 2013; 11:41:50 PM -0500 |
V3.x:(not available) V2.0: 6.2 MEDIUM |
CVE-2013-0217 |
Memory leak in drivers/net/xen-netback/netback.c in the Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (memory consumption) by triggering certain error conditions. Published: February 17, 2013; 11:41:50 PM -0500 |
V3.x:(not available) V2.0: 5.2 MEDIUM |
CVE-2013-0216 |
The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. Published: February 17, 2013; 11:41:50 PM -0500 |
V3.x:(not available) V2.0: 5.2 MEDIUM |
CVE-2012-4530 |
The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. Published: February 17, 2013; 11:41:50 PM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2012-4398 |
The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application. Published: February 17, 2013; 11:41:50 PM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2012-4461 |
The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl. Published: January 22, 2013; 6:55:02 PM -0500 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2012-3364 |
Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the Linux kernel before 3.4.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via incoming frames with crafted length fields. Published: January 22, 2013; 6:55:02 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-2372 |
The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping. Published: January 22, 2013; 6:55:02 PM -0500 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2012-2119 |
Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length. Published: January 22, 2013; 6:55:01 PM -0500 |
V3.x:(not available) V2.0: 5.2 MEDIUM |
CVE-2012-5532 |
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669. Published: December 27, 2012; 6:47:00 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2012-2669 |
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message. Published: December 27, 2012; 6:47:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2012-5517 |
The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator. Published: December 21, 2012; 6:47:36 AM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2012-4565 |
The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats. Published: December 21, 2012; 6:47:36 AM -0500 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2012-4508 |
Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized. Published: December 21, 2012; 6:47:36 AM -0500 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2012-0957 |
The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality. Published: December 21, 2012; 6:47:35 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2012-4467 |
The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a crafted ioctl call. Published: October 10, 2012; 5:55:00 PM -0400 |
V3.x:(not available) V2.0: 6.6 MEDIUM |
CVE-2012-3511 |
Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call. Published: October 03, 2012; 11:28:35 PM -0400 |
V3.x:(not available) V2.0: 6.2 MEDIUM |
CVE-2012-2745 |
The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call. Published: August 09, 2012; 6:29:47 AM -0400 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2012-2373 |
The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition. Published: August 09, 2012; 6:29:46 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2012-2133 |
Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of quota data. Published: July 03, 2012; 12:40:32 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |