National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:2.4.0:test11
There are 1,307 matching records.
Displaying matches 1261 through 1280.
Vuln ID Summary CVSS Severity
CVE-2004-0685

Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.

Published: December 23, 2004; 12:00:00 AM -05:00
V2: 4.6 MEDIUM
CVE-2004-0814

Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.

Published: December 23, 2004; 12:00:00 AM -05:00
V2: 1.2 LOW
CVE-2004-1333

Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.

Published: December 15, 2004; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2004-1334

Integer overflow in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (kernel crash) via a cmsg_len that contains a -1, which leads to a buffer overflow.

Published: December 15, 2004; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2004-1335

Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function.

Published: December 15, 2004; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2004-0565

Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.

Published: December 06, 2004; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2004-0415

Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.

Published: November 23, 2004; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2004-0447

Unknown vulnerability in Linux before 2.4.26 for IA64 allows local users to cause a denial of service, with unknown impact. NOTE: due to a typo, this issue was accidentally assigned CVE-2004-0477. This is the proper candidate to use for the Linux local DoS.

Published: August 06, 2004; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2004-0535

The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.

Published: August 06, 2004; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2004-0658

Integer overflow in the hpsb_alloc_packet function (incorrectly reported as alloc_hpsb_packet) in IEEE 1394 (Firewire) driver 2.4 and 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via the functions (1) raw1394_write, (2) state_connected, (3) handle_remote_request, or (4) hpsb_make_writebpacket.

Published: August 06, 2004; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2004-0427

The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call.

Published: July 07, 2004; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2004-0109

Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.

Published: June 01, 2004; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2004-0133

The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device.

Published: June 01, 2004; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2004-0177

The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.

Published: June 01, 2004; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2004-0178

The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes.

Published: June 01, 2004; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2004-0181

The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device.

Published: June 01, 2004; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2004-2135

cryptoloop on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.

Published: May 26, 2004; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2003-1040

kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod.

Published: April 15, 2004; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2004-0075

The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service.

Published: March 15, 2004; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2004-0003

Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."

Published: March 03, 2004; 12:00:00 AM -05:00
V2: 4.6 MEDIUM