Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:3.9.4:*:*:*:*:*:arm64:*
There are 1,113 matching records.
Displaying matches 1,101 through 1,113.
Vuln ID Summary CVSS Severity
CVE-2013-4162

The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.

Published: July 29, 2013; 9:59:56 AM -0400
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2013-4129

The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to cause a denial of service (BUG and system crash) via vectors involving the shutdown of a KVM virtual machine, related to net/bridge/br_mdb.c and net/bridge/br_multicast.c.

Published: July 29, 2013; 9:59:56 AM -0400
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2013-4127

Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) via vectors involving powering on a virtual machine.

Published: July 29, 2013; 9:59:56 AM -0400
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2013-4125

The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement (RA) messages in certain circumstances involving three routes that initially qualified for membership in an ECMP route set until a change occurred for one of the first two routes, which allows remote attackers to cause a denial of service (system crash) via a crafted sequence of messages.

Published: July 15, 2013; 4:55:03 PM -0400
V3.x:(not available)
V2.0: 5.4 MEDIUM
CVE-2013-1059

net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.

Published: July 08, 2013; 1:55:01 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2013-2234

The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.

Published: July 04, 2013; 5:55:01 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-2232

The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.

Published: July 04, 2013; 5:55:01 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-2164

The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.

Published: July 04, 2013; 5:55:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-2852

Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.

Published: June 07, 2013; 10:03:20 AM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2013-2851

Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name.

Published: June 07, 2013; 10:03:20 AM -0400
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2013-2850

Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet.

Published: June 07, 2013; 10:03:19 AM -0400
V3.x:(not available)
V2.0: 7.9 HIGH
CVE-2013-2148

The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor.

Published: June 07, 2013; 10:03:19 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-2147

The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.

Published: June 07, 2013; 10:03:19 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW