Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:linux:linux_kernel:2.6.31:rc5:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2009-4131 |
The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions. Published: December 12, 2009; 8:30:00 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2009-1298 |
The ip_frag_reasm function in net/ipv4/ip_fragment.c in the Linux kernel 2.6.32-rc8, and 2.6.29 and later versions before 2.6.32, calls IP_INC_STATS_BH with an incorrect argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and hang) via long IP packets, possibly related to the ip_defrag function. Published: December 08, 2009; 6:30:00 PM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2009-4027 |
Race condition in the mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (system crash) via a Delete Block ACK (aka DELBA) packet that triggers a certain state change in the absence of an aggregation session. Published: December 02, 2009; 11:30:00 AM -0500 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2009-4026 |
The mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (panic) via a crafted Delete Block ACK (aka DELBA) packet, related to an erroneous "code shuffling patch." Published: December 02, 2009; 11:30:00 AM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2009-4021 |
The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack. Published: November 25, 2009; 11:30:00 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2009-4005 |
The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. Published: November 19, 2009; 9:30:01 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2009-3624 |
The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel before 2.6.32-rc5 does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service (OOPS) via vectors involving calls to this function without specifying a keyring by ID, as demonstrated by a series of keyctl request2 and keyctl list commands. Published: November 02, 2009; 10:30:00 AM -0500 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2009-3640 |
The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc1 does not properly handle the absence of an Advanced Programmable Interrupt Controller (APIC), which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via a call to the kvm_vcpu_ioctl function. Published: October 29, 2009; 10:30:01 AM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2009-3228 |
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. Published: October 19, 2009; 4:00:00 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2009-3002 |
The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c. Published: August 28, 2009; 11:30:00 AM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2009-3001 |
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket. Published: August 28, 2009; 11:30:00 AM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2009-2846 |
The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes an out-of-bounds read in the readb function. Published: August 18, 2009; 5:00:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2009-2768 |
The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an "uninitialized cred pointer." Published: August 14, 2009; 11:16:27 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |