National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:3.0.49
There are 971 matching records.
Displaying matches 721 through 740.
Vuln ID Summary CVSS Severity
CVE-2014-3145

The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced.

Published: May 11, 2014; 05:55:06 PM -04:00
V2: 4.9 MEDIUM
CVE-2014-3144

The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced.

Published: May 11, 2014; 05:55:06 PM -04:00
V2: 4.9 MEDIUM
CVE-2014-3122

The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings.

Published: May 11, 2014; 05:55:06 PM -04:00
V2: 4.9 MEDIUM
CVE-2014-1738

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.

Published: May 11, 2014; 05:55:05 PM -04:00
V2: 4.9 MEDIUM
CVE-2014-1737

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.

Published: May 11, 2014; 05:55:05 PM -04:00
V2: 7.2 HIGH
CVE-2014-0196

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

Published: May 07, 2014; 06:55:04 AM -04:00
V2: 6.9 MEDIUM
CVE-2014-2889

Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges via a long jump after a conditional jump.

Published: April 26, 2014; 08:55:05 PM -04:00
V2: 4.6 MEDIUM
CVE-2014-0181

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.

Published: April 26, 2014; 08:55:05 PM -04:00
V2: 2.1 LOW
CVE-2014-2851

Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.

Published: April 14, 2014; 07:55:07 PM -04:00
V2: 6.9 MEDIUM
CVE-2014-2706

Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c.

Published: April 14, 2014; 07:55:07 PM -04:00
V2: 7.1 HIGH
CVE-2014-0155

The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced.

Published: April 14, 2014; 07:55:07 PM -04:00
V2: 5.5 MEDIUM
CVE-2014-0077

drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.

Published: April 14, 2014; 07:55:07 PM -04:00
V2: 5.5 MEDIUM
CVE-2014-2678

The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.

Published: April 01, 2014; 02:35:53 AM -04:00
V2: 4.7 MEDIUM
CVE-2014-2673

The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state.

Published: April 01, 2014; 02:35:53 AM -04:00
V2: 4.7 MEDIUM
CVE-2014-2672

Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions.

Published: April 01, 2014; 02:35:53 AM -04:00
V2: 7.1 HIGH
CVE-2013-7348

Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via vectors involving an error condition in the aio_setup_ring function.

Published: April 01, 2014; 02:35:53 AM -04:00
V2: 4.6 MEDIUM
CVE-2014-2568

Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.

Published: March 24, 2014; 12:40:48 PM -04:00
V2: 2.9 LOW
CVE-2014-2523

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.

Published: March 24, 2014; 12:40:48 PM -04:00
V2: 10.0 HIGH
CVE-2014-0131

Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.

Published: March 24, 2014; 12:40:48 PM -04:00
V2: 2.9 LOW
CVE-2013-7339

The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.

Published: March 24, 2014; 12:40:43 PM -04:00
V2: 4.7 MEDIUM