Search Results (Refine Search)
- CPE Product Version: cpe:/o:linux:linux_kernel:2.6.28:rc1
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2009-1192 |
The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages. Published: April 24, 2009; 11:30:00 AM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2009-1360 |
The __inet6_check_established function in net/ipv6/inet6_hashtables.c in the Linux kernel before 2.6.29, when Network Namespace Support (aka NET_NS) is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via vectors involving IPv6 packets. Published: April 22, 2009; 11:30:00 AM -0400 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2009-1337 |
The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. Published: April 22, 2009; 11:30:00 AM -0400 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2009-0748 |
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4 filesystem. Published: February 27, 2009; 12:30:09 PM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2009-0747 |
The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem. Published: February 27, 2009; 12:30:09 PM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2009-0676 |
The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request. Published: February 22, 2009; 5:30:00 PM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2009-0675 |
The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue. Published: February 22, 2009; 5:30:00 PM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2009-0605 |
Stack consumption vulnerability in the do_page_fault function in arch/x86/mm/fault.c in the Linux kernel before 2.6.28.5 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via unspecified vectors that trigger page faults on a machine that has a registered Kprobes probe. Published: February 17, 2009; 12:30:05 PM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2008-5701 |
Array index error in arch/mips/kernel/scall64-o32.S in the Linux kernel before 2.6.28-rc8 on 64-bit MIPS platforms allows local users to cause a denial of service (system crash) via an o32 syscall with a small syscall number, which leads to an attempted read operation outside the bounds of the syscall table. Published: December 22, 2008; 10:30:00 AM -0500 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2008-5395 |
The parisc_show_stack function in arch/parisc/kernel/traps.c in the Linux kernel before 2.6.28-rc7 on PA-RISC allows local users to cause a denial of service (system crash) via vectors associated with an attempt to unwind a stack that contains userspace addresses. Published: December 08, 2008; 7:30:00 PM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2008-5300 |
Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029. Published: December 01, 2008; 12:30:00 PM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2008-5182 |
The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount. Published: November 20, 2008; 9:30:00 PM -0500 |
V3.x:(not available) V2.0: 6.9 MEDIUM |