U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:2.6.20:rc3:*:*:*:*:*:*
  • CPE Name Search: true
There are 2,682 matching records.
Displaying matches 2,281 through 2,300.
Vuln ID Summary CVSS Severity
CVE-2011-1017

Heap-based buffer overflow in the ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel 2.6.37.2 and earlier might allow local users to gain privileges or obtain sensitive information via a crafted LDM partition table.

Published: March 01, 2011; 6:00:03 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2011-1012

The ldm_parse_vmdb function in fs/partitions/ldm.c in the Linux kernel before 2.6.38-rc6-git6 does not validate the VBLK size value in the VMDB structure in an LDM partition table, which allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted partition table.

Published: March 01, 2011; 6:00:03 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2011-1010

Buffer overflow in the mac_partition function in fs/partitions/mac.c in the Linux kernel before 2.6.37.2 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via a malformed Mac OS partition table.

Published: March 01, 2011; 6:00:03 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2011-0711

The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.

Published: March 01, 2011; 6:00:02 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2011-1020

The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.

Published: February 28, 2011; 11:00:01 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2011-1016

The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values.

Published: February 28, 2011; 11:00:01 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2011-0999

mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact via a crafted application.

Published: February 23, 2011; 2:00:02 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2011-1044

The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649.

Published: February 18, 2011; 3:00:09 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2011-0712

Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c.

Published: February 18, 2011; 3:00:09 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2011-0710

The task_show_regs function in arch/s390/kernel/traps.c in the Linux kernel before 2.6.38-rc4-next-20110216 on the s390 platform allows local users to obtain the values of the registers of an arbitrary process by reading a status file under /proc/.

Published: February 18, 2011; 3:00:09 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2011-0709

The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux kernel before 2.6.35-rc5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an IGMP packet, related to lack of a multicast table.

Published: February 18, 2011; 3:00:09 PM -0500
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2010-4649

Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member.

Published: February 18, 2011; 3:00:09 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2011-0521

The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value.

Published: February 02, 2011; 6:00:32 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2010-4256

The pipe_fcntl function in fs/pipe.c in the Linux kernel before 2.6.37 does not properly determine whether a file is a named pipe, which allows local users to cause a denial of service via an F_SETPIPE_SZ fcntl call.

Published: January 25, 2011; 2:00:03 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2010-4243

fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.

Published: January 22, 2011; 5:00:04 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2010-4263

The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame.

Published: January 18, 2011; 1:03:07 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.9 HIGH
CVE-2010-3086

include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not properly implement exception fixup, which allows local users to cause a denial of service (panic) via an invalid application that triggers a page fault.

Published: January 14, 2011; 6:00:44 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2010-4529

Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call.

Published: January 13, 2011; 2:00:04 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2010-4527

The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call.

Published: January 13, 2011; 2:00:04 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2010-4526

Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.

Published: January 10, 2011; 10:00:04 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.1 HIGH