Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:linux:linux_kernel:2.6.4:rc1:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-8481 |
The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 does not properly handle invalid instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application that triggers (1) an improperly fetched instruction or (2) an instruction that occupies too many bytes. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8480. Published: November 10, 2014; 6:55:09 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2014-8480 |
The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 lacks intended decoder-table flags for certain RIP-relative instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application. Published: November 10, 2014; 6:55:09 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2011-0726 |
The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary. Published: July 18, 2011; 6:55:00 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2011-1172 |
net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. Published: June 22, 2011; 6:55:01 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2011-1171 |
net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. Published: June 22, 2011; 6:55:01 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2011-1170 |
net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. Published: June 22, 2011; 6:55:01 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2011-1090 |
The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service (panic) via a crafted attempt to set an ACL. Published: May 09, 2011; 3:55:02 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2011-1577 |
Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media. Published: May 03, 2011; 3:55:12 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2011-1495 |
drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions. Published: May 03, 2011; 3:55:08 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2011-1494 |
Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow. Published: May 03, 2011; 3:55:08 PM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2005-4886 |
The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the Linux kernel before 2.6.12-rc4 allows remote attackers to cause a denial of service (OOPS) via vectors associated with an incorrect call to the ipv6_skip_exthdr function. Published: February 26, 2010; 2:30:00 PM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2009-2406 |
Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size. Published: July 31, 2009; 3:00:01 PM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2009-1389 |
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet. Published: June 16, 2009; 7:30:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2009-0778 |
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak." Published: March 12, 2009; 11:20:49 AM -0400 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2008-1669 |
Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table." Published: May 07, 2008; 8:20:00 PM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2007-3642 |
The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c in the Linux kernel before 2.6.20.15, 2.6.21.x before 2.6.21.6, and before 2.6.22 allows remote attackers to cause a denial of service (crash) via an encoded, out-of-range index value for a choice field, which triggers a NULL pointer dereference. Published: July 09, 2007; 9:30:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2007-2453 |
The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source. Published: June 11, 2007; 7:30:00 PM -0400 |
V3.x:(not available) V2.0: 1.2 LOW |
CVE-2007-2876 |
The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference. Published: June 11, 2007; 7:30:00 PM -0400 |
V3.x:(not available) V2.0: 6.1 MEDIUM |
CVE-2007-1592 |
net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertently copies the ipv6_fl_socklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service (OOPS) or double free by opening a listening IPv6 socket, attaching a flow label, and connecting to that socket. Published: March 22, 2007; 3:19:00 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2006-6106 |
Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via CAPI messages with a large value for the length of the (1) manu (manufacturer) or (2) serial (serial number) field. Published: December 19, 2006; 2:28:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |