National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:3.4.9
There are 930 matching records.
Displaying matches 921 through 930.
Vuln ID Summary CVSS Severity
CVE-2013-0160

The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.

Published: February 17, 2013; 11:41:50 PM -05:00
V2: 2.1 LOW
CVE-2012-4530

The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

Published: February 17, 2013; 11:41:50 PM -05:00
V2: 2.1 LOW
CVE-2012-4461

The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl.

Published: January 22, 2013; 06:55:02 PM -05:00
V2: 1.9 LOW
CVE-2012-2372

The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping.

Published: January 22, 2013; 06:55:02 PM -05:00
V2: 4.4 MEDIUM
CVE-2012-5532

The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669.

Published: December 27, 2012; 06:47:00 AM -05:00
V2: 4.9 MEDIUM
CVE-2012-5517

The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator.

Published: December 21, 2012; 06:47:36 AM -05:00
V2: 4.0 MEDIUM
CVE-2012-4565

The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats.

Published: December 21, 2012; 06:47:36 AM -05:00
V2: 4.7 MEDIUM
CVE-2012-4508

Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.

Published: December 21, 2012; 06:47:36 AM -05:00
V2: 1.9 LOW
CVE-2012-0957

The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality.

Published: December 21, 2012; 06:47:35 AM -05:00
V2: 4.9 MEDIUM
CVE-2012-4467

The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a crafted ioctl call.

Published: October 10, 2012; 05:55:00 PM -04:00
V2: 6.6 MEDIUM