Search Results (Refine Search)
- CPE Product Version: cpe:/o:linux:linux_kernel:2.6.28:rc2
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-0726 |
The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary. Published: July 18, 2011; 6:55:00 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2011-1172 |
net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. Published: June 22, 2011; 6:55:01 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2011-1171 |
net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. Published: June 22, 2011; 6:55:01 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2011-1170 |
net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. Published: June 22, 2011; 6:55:01 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2011-1090 |
The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service (panic) via a crafted attempt to set an ACL. Published: May 09, 2011; 3:55:02 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2011-1577 |
Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media. Published: May 03, 2011; 3:55:12 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2011-1495 |
drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions. Published: May 03, 2011; 3:55:08 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2011-1494 |
Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow. Published: May 03, 2011; 3:55:08 PM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2010-3015 |
Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation. Published: August 20, 2010; 2:00:02 PM -0400 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2010-1643 |
mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. Published: June 03, 2010; 10:30:01 AM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2008-7256 |
mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict overcommit is enabled and CONFIG_SECURITY is disabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1643. Published: June 03, 2010; 10:30:01 AM -0400 |
V3.x:(not available) V2.0: 1.2 LOW |
CVE-2010-1173 |
The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data. Published: May 07, 2010; 2:30:01 PM -0400 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2009-1298 |
The ip_frag_reasm function in net/ipv4/ip_fragment.c in the Linux kernel 2.6.32-rc8, and 2.6.29 and later versions before 2.6.32, calls IP_INC_STATS_BH with an incorrect argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and hang) via long IP packets, possibly related to the ip_defrag function. Published: December 08, 2009; 6:30:00 PM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2009-3726 |
The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state. Published: November 09, 2009; 2:30:00 PM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2009-3624 |
The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel before 2.6.32-rc5 does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service (OOPS) via vectors involving calls to this function without specifying a keyring by ID, as demonstrated by a series of keyctl request2 and keyctl list commands. Published: November 02, 2009; 10:30:00 AM -0500 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2009-2406 |
Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size. Published: July 31, 2009; 3:00:01 PM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2009-1389 |
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet. Published: June 16, 2009; 7:30:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2009-1184 |
The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass intended restrictions on network traffic. NOTE: this was incorrectly reported as an issue fixed in 2.6.27.21. Published: May 05, 2009; 4:30:00 PM -0400 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2009-1439 |
Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request. Published: April 27, 2009; 2:00:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2009-1192 |
The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages. Published: April 24, 2009; 11:30:00 AM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |