Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:3.8.7:*:*:*:*:*:*:*
There are 1,227 matching records.
Displaying matches 1,201 through 1,220.
Vuln ID Summary CVSS Severity
CVE-2013-2850

Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet.

Published: June 07, 2013; 10:03:19 AM -0400
V3.x:(not available)
V2.0: 7.9 HIGH
CVE-2013-2148

The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor.

Published: June 07, 2013; 10:03:19 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-2147

The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.

Published: June 07, 2013; 10:03:19 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-2146

arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit.

Published: June 07, 2013; 10:03:19 AM -0400
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2013-2141

The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call.

Published: June 07, 2013; 10:03:18 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-2094

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.

Published: May 14, 2013; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2013-1979

The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application.

Published: May 03, 2013; 7:57:45 AM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2013-1959

kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process.

Published: May 03, 2013; 7:57:45 AM -0400
V3.x:(not available)
V2.0: 3.7 LOW
CVE-2013-3301

The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.

Published: April 29, 2013; 10:55:04 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2013-3237

The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Published: April 22, 2013; 7:41:01 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-3236

The vmci_transport_dgram_dequeue function in net/vmw_vsock/vmci_transport.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Published: April 22, 2013; 7:41:01 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-3235

net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Published: April 22, 2013; 7:41:01 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-3234

The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Published: April 22, 2013; 7:41:01 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-3233

The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Published: April 22, 2013; 7:41:01 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-3232

The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Published: April 22, 2013; 7:41:01 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-3231

The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Published: April 22, 2013; 7:41:01 AM -0400
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2013-3230

The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.9-rc7 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Published: April 22, 2013; 7:41:01 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-3229

The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Published: April 22, 2013; 7:41:01 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-3228

The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Published: April 22, 2013; 7:41:01 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-3227

The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Published: April 22, 2013; 7:41:01 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM