Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*
There are 1,720 matching records.
Displaying matches 1,701 through 1,720.
Vuln ID Summary CVSS Severity
CVE-2008-1375

Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.

Published: May 02, 2008; 12:05:00 PM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2008-1675

The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory.

Published: May 02, 2008; 12:05:00 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2008-1514

arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions before 2.6.27-rc6, on s390 platforms allows local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite in 31-bit mode, which triggers an invalid dereference.

Published: March 25, 2008; 8:44:00 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2008-0009

The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.

Published: February 12, 2008; 4:00:00 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2008-0010

The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations.

Published: February 12, 2008; 4:00:00 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2008-0600

The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.

Published: February 12, 2008; 4:00:00 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2008-0001

VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.

Published: January 15, 2008; 3:00:00 PM -0500
V3.x:(not available)
V2.0: 3.6 LOW
CVE-2007-5966

Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information.

Published: December 19, 2007; 7:46:00 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2007-6434

Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmap_min_addr protection via a crafted executable file that calls the do_brk function.

Published: December 18, 2007; 3:46:00 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2007-6417

The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash).

Published: December 17, 2007; 7:46:00 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2007-6151

The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow.

Published: December 14, 2007; 8:46:00 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2007-6206

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.

Published: December 03, 2007; 7:46:00 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2007-6063

Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.

Published: November 20, 2007; 7:46:00 PM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2007-5500

The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third party information.

Published: November 19, 2007; 9:46:00 PM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2007-5501

The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference.

Published: November 15, 2007; 3:46:00 PM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-5904

Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function.

Published: November 09, 2007; 1:46:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-5093

The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 "relies on user space to close the device," which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device.

Published: September 26, 2007; 5:17:00 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2007-4308

The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges.

Published: August 13, 2007; 5:17:00 PM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2006-6058

The minix filesystem code in Linux kernel 2.6.x before 2.6.24, including 2.6.18, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be due to an integer overflow or signedness error.

Published: November 21, 2006; 8:07:00 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2006-2935

The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow.

Published: July 05, 2006; 2:05:00 PM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM