National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:2.6.15.1
There are 2,515 matching records.
Displaying matches 2481 through 2500.
Vuln ID Summary CVSS Severity
CVE-2006-2445

Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.21 allows local users to cause a denial of service (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting.

Published: June 23, 2006; 06:02:00 AM -04:00
    V2: 4.0 MEDIUM
CVE-2006-2448

Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory on 32-bit systems (signal_32.c).

Published: June 23, 2006; 06:02:00 AM -04:00
    V2: 5.6 MEDIUM
CVE-2006-3085

xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers to cause a denial of service (infinite loop) via an SCTP chunk with a 0 length.

Published: June 23, 2006; 06:02:00 AM -04:00
    V2: 7.8 HIGH
CVE-2006-2629

Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP platforms, allows local users to cause a denial of service (crash) by creating and exiting a large number of tasks, then accessing the /proc entry of a task that is exiting, which causes memory corruption that leads to a failure in the prune_dcache function or a BUG_ON error in include/linux/list.h.

Published: May 27, 2006; 06:02:00 AM -04:00
    V2: 4.0 MEDIUM
CVE-2006-2444

The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite.

Published: May 25, 2006; 06:02:00 AM -04:00
    V2: 7.8 HIGH
CVE-2006-1857

Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk.

Published: May 22, 2006; 12:06:00 PM -04:00
    V2: 9.0 HIGH
CVE-2006-1858

SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters.

Published: May 22, 2006; 12:06:00 PM -04:00
    V2: 7.8 HIGH
CVE-2006-1856

Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions.

Published: May 19, 2006; 07:02:00 PM -04:00
    V2: 7.5 HIGH
CVE-2006-1052

The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows local users with ptrace permissions to change the tracer SID to an SID of another process.

Published: May 05, 2006; 08:46:00 AM -04:00
    V2: 2.1 LOW
CVE-2006-2071

Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs.

Published: April 27, 2006; 01:06:00 PM -04:00
    V2: 2.1 LOW
CVE-2006-1863

Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1864.

Published: April 25, 2006; 06:02:00 PM -04:00
    V2: 2.1 LOW
CVE-2006-1056

The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.

Published: April 20, 2006; 06:02:00 AM -04:00
    V2: 2.1 LOW
CVE-2006-1525

ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to cause a denial of service (panic) via a request for a route for a multicast IP address, which triggers a null dereference.

Published: April 19, 2006; 02:18:00 PM -04:00
    V2: 4.9 MEDIUM
CVE-2006-0744

Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS.

Published: April 18, 2006; 06:02:00 AM -04:00
    V2: 4.9 MEDIUM
CVE-2006-0558

perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local users to cause a denial of service (crash) by interrupting a task while another process is accessing the mm_struct, which triggers a BUG_ON action in the put_page_testzero function.

Published: April 14, 2006; 05:02:00 PM -04:00
    V2: 4.9 MEDIUM
CVE-2006-1055

The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 up to versions before 2.6.17-rc1 does not zero terminate a buffer when a length of PAGE_SIZE or more is requested, which might allow local users to cause a denial of service (crash) by causing an out-of-bounds read.

Published: April 05, 2006; 01:04:00 PM -04:00
    V2: 4.9 MEDIUM
CVE-2006-1066

Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems with preemption enabled, allows local users to cause a denial of service (oops) via multiple ptrace tasks that perform single steps, which can cause corruption of the DEBUG_STACK stack during the do_debug function call.

Published: March 26, 2006; 07:02:00 PM -05:00
    V2: 1.2 LOW
CVE-2006-0038

Integer overflow in the do_replace function in netfilter for Linux before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer overflow in the copy_from_user function.

Published: March 22, 2006; 03:06:00 PM -05:00
    V2: 6.9 MEDIUM
CVE-2006-1242

The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended protections against such attacks.

Published: March 15, 2006; 12:06:00 PM -05:00
    V2: 5.0 MEDIUM
CVE-2006-0457

Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies the data into kernel memory.

Published: March 13, 2006; 09:02:00 PM -05:00
    V2: 7.1 HIGH