National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:3.0.3
There are 978 matching records.
Displaying matches 921 through 940.
Vuln ID Summary CVSS Severity
CVE-2013-0290

The __skb_recv_datagram function in net/core/datagram.c in the Linux kernel before 3.8 does not properly handle the MSG_PEEK flag with zero-length data, which allows local users to cause a denial of service (infinite loop and system hang) via a crafted application.

Published: February 19, 2013; 02:55:01 PM -05:00
V2: 4.9 MEDIUM
CVE-2012-5375

The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value.

Published: February 18, 2013; 06:56:38 AM -05:00
V2: 4.0 MEDIUM
CVE-2012-5374

The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (extended runtime of kernel code) by creating many different files whose names are associated with the same CRC32C hash value.

Published: February 18, 2013; 06:56:38 AM -05:00
V2: 4.0 MEDIUM
CVE-2013-0871

Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.

Published: February 17, 2013; 11:41:50 PM -05:00
V2: 6.9 MEDIUM
CVE-2013-0268

The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.

Published: February 17, 2013; 11:41:50 PM -05:00
V2: 6.2 MEDIUM
CVE-2013-0217

Memory leak in drivers/net/xen-netback/netback.c in the Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (memory consumption) by triggering certain error conditions.

Published: February 17, 2013; 11:41:50 PM -05:00
V2: 5.2 MEDIUM
CVE-2013-0216

The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption.

Published: February 17, 2013; 11:41:50 PM -05:00
V2: 5.2 MEDIUM
CVE-2013-0160

The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.

Published: February 17, 2013; 11:41:50 PM -05:00
V2: 2.1 LOW
CVE-2012-4530

The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

Published: February 17, 2013; 11:41:50 PM -05:00
V2: 2.1 LOW
CVE-2012-4398

The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application.

Published: February 17, 2013; 11:41:50 PM -05:00
V2: 4.9 MEDIUM
CVE-2012-4461

The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl.

Published: January 22, 2013; 06:55:02 PM -05:00
V2: 1.9 LOW
CVE-2012-3364

Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the Linux kernel before 3.4.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via incoming frames with crafted length fields.

Published: January 22, 2013; 06:55:02 PM -05:00
V2: 5.0 MEDIUM
CVE-2012-2372

The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping.

Published: January 22, 2013; 06:55:02 PM -05:00
V2: 4.4 MEDIUM
CVE-2012-2137

Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function.

Published: January 22, 2013; 06:55:02 PM -05:00
V2: 6.9 MEDIUM
CVE-2012-2119

Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length.

Published: January 22, 2013; 06:55:01 PM -05:00
V2: 5.2 MEDIUM
CVE-2012-5532

The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669.

Published: December 27, 2012; 06:47:00 AM -05:00
V2: 4.9 MEDIUM
CVE-2012-2669

The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message.

Published: December 27, 2012; 06:47:00 AM -05:00
V2: 2.1 LOW
CVE-2012-5517

The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator.

Published: December 21, 2012; 06:47:36 AM -05:00
V2: 4.0 MEDIUM
CVE-2012-4565

The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats.

Published: December 21, 2012; 06:47:36 AM -05:00
V2: 4.7 MEDIUM
CVE-2012-4508

Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.

Published: December 21, 2012; 06:47:36 AM -05:00
V2: 1.9 LOW