Max CVSS | 10.0 | Min CVSS | 1.9 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2017-1000253 | 7.2 | Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4f | 11-09-2024 - 11:12 | 05-10-2017 - 01:29 | |
CVE-2016-5195 | 7.2 | Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in Oc | 24-07-2024 - 14:27 | 10-11-2016 - 21:59 | |
CVE-2014-3153 | 7.2 | The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe wai | 02-07-2024 - 12:17 | 07-06-2014 - 14:55 | |
CVE-2010-3904 | 7.2 | The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privile | 27-06-2024 - 19:23 | 06-12-2010 - 20:13 | |
CVE-2019-3900 | 6.8 | An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest | 26-04-2024 - 16:08 | 25-04-2019 - 15:29 | |
CVE-2016-2143 | 6.9 | The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted appli | 14-03-2024 - 19:59 | 27-04-2016 - 17:59 | |
CVE-2013-2094 | 7.2 | The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. | 04-03-2024 - 22:58 | 14-05-2013 - 20:55 | |
CVE-2019-14821 | 7.2 | An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wher | 16-02-2024 - 18:44 | 19-09-2019 - 18:15 | |
CVE-2015-0274 | 7.2 | The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges | 15-02-2024 - 18:55 | 16-03-2015 - 10:59 | |
CVE-2014-0196 | 6.9 | The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or | 09-02-2024 - 19:24 | 07-05-2014 - 10:55 | |
CVE-2013-3301 | 7.2 | The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write acce | 02-02-2024 - 16:33 | 29-04-2013 - 14:55 | |
CVE-2014-4943 | 6.9 | The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. | 19-01-2024 - 17:50 | 19-07-2014 - 19:55 | |
CVE-2019-14835 | 7.2 | A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descript | 15-12-2023 - 15:29 | 17-09-2019 - 16:15 | |
CVE-2015-8104 | 4.7 | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. | 10-10-2023 - 15:15 | 16-11-2015 - 11:59 | |
CVE-2019-11479 | 5.0 | Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial | 16-08-2023 - 14:17 | 19-06-2019 - 00:15 | |
CVE-2019-11811 | 6.9 | An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and | 11-08-2023 - 19:54 | 07-05-2019 - 14:29 | |
CVE-2013-0871 | 6.9 | Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. | 11-08-2023 - 18:43 | 18-02-2013 - 04:41 | |
CVE-2012-0056 | 6.9 | The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipp | 27-07-2023 - 15:21 | 27-01-2012 - 15:55 | |
CVE-2017-7533 | 6.9 | Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_han | 21-06-2023 - 15:57 | 05-08-2017 - 16:29 | |
CVE-2014-5077 | 7.1 | The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an assoc | 19-05-2023 - 16:50 | 01-08-2014 - 11:13 | |
CVE-2018-18559 | 6.8 | In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a ra | 16-05-2023 - 11:14 | 22-10-2018 - 16:29 | |
CVE-2020-25643 | 7.5 | A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial | 16-05-2023 - 10:48 | 06-10-2020 - 14:15 | |
CVE-2018-8781 | 7.2 | The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissi | 03-03-2023 - 19:22 | 23-04-2018 - 19:29 | |
CVE-2018-9568 | 7.2 | In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Androi | 24-02-2023 - 18:43 | 06-12-2018 - 14:29 | |
CVE-2017-2636 | 6.9 | Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. | 24-02-2023 - 18:43 | 07-03-2017 - 22:59 | |
CVE-2019-11487 | 7.2 | The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs | 24-02-2023 - 18:43 | 23-04-2019 - 22:29 | |
CVE-2017-9074 | 7.2 | The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly | 24-02-2023 - 18:40 | 19-05-2017 - 07:29 | |
CVE-2017-7541 | 7.2 | The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a | 14-02-2023 - 21:37 | 25-07-2017 - 04:29 | |
CVE-2017-7308 | 7.2 | The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or | 14-02-2023 - 18:32 | 29-03-2017 - 20:59 | |
CVE-2018-14634 | 7.2 | An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6 | 13-02-2023 - 04:51 | 25-09-2018 - 21:29 | |
CVE-2013-6368 | 6.2 | The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. | 13-02-2023 - 04:49 | 14-12-2013 - 18:08 | |
CVE-2013-4592 | 4.0 | Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. | 13-02-2023 - 04:49 | 20-11-2013 - 13:19 | |
CVE-2013-2237 | 2.1 | The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message fr | 13-02-2023 - 04:44 | 04-07-2013 - 21:55 | |
CVE-2013-1827 | 6.2 | net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsoc | 13-02-2023 - 04:41 | 22-03-2013 - 11:59 | |
CVE-2013-0311 | 6.5 | The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges. | 13-02-2023 - 04:41 | 22-02-2013 - 00:55 | |
CVE-2013-0268 | 6.2 | The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. | 13-02-2023 - 04:40 | 18-02-2013 - 04:41 | |
CVE-2012-5517 | 4.0 | The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by us | 13-02-2023 - 04:37 | 21-12-2012 - 11:47 | |
CVE-2012-4530 | 2.1 | The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | 13-02-2023 - 04:34 | 18-02-2013 - 04:41 | |
CVE-2012-2745 | 4.7 | The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork s | 13-02-2023 - 04:33 | 09-08-2012 - 10:29 | |
CVE-2011-4110 | 2.1 | The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a | 13-02-2023 - 04:32 | 27-01-2012 - 15:55 | |
CVE-2011-4131 | 4.6 | The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words. | 13-02-2023 - 04:32 | 17-05-2012 - 11:00 | |
CVE-2011-2918 | 4.9 | The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application. | 13-02-2023 - 04:32 | 24-05-2012 - 23:55 | |
CVE-2012-1097 | 7.2 | The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other | 13-02-2023 - 04:32 | 17-05-2012 - 11:00 | |
CVE-2011-2479 | 4.9 | The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application. | 13-02-2023 - 04:31 | 01-03-2013 - 12:37 | |
CVE-2011-1771 | 4.4 | The cifs_close function in fs/cifs/file.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact by setting the O_DIRECT flag during an attempt to | 13-02-2023 - 04:30 | 06-09-2011 - 16:55 | |
CVE-2011-1478 | 5.7 | The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of servic | 13-02-2023 - 04:29 | 23-10-2011 - 10:55 | |
CVE-2011-1581 | 9.0 | The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default tx_queues setting is used, does not properly restrict queue | 13-02-2023 - 04:29 | 26-05-2011 - 16:55 | |
CVE-2010-4243 | 4.9 | fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a cr | 13-02-2023 - 04:28 | 22-01-2011 - 22:00 | |
CVE-2011-4621 | 4.9 | The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop. | 13-02-2023 - 03:23 | 17-05-2012 - 11:00 | |
CVE-2011-4326 | 7.1 | The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv | 13-02-2023 - 01:21 | 17-05-2012 - 11:00 | |
CVE-2011-1573 | 4.3 | net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attacke | 13-02-2023 - 01:19 | 02-02-2012 - 04:09 | |
CVE-2015-7872 | 2.1 | The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands. | 13-02-2023 - 00:55 | 16-11-2015 - 11:59 | |
CVE-2014-7841 | 5.0 | The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malf | 13-02-2023 - 00:42 | 30-11-2014 - 01:59 | |
CVE-2014-3646 | 4.7 | arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. | 13-02-2023 - 00:41 | 10-11-2014 - 11:55 | |
CVE-2014-3145 | 4.9 | The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read | 13-02-2023 - 00:39 | 11-05-2014 - 21:55 | |
CVE-2014-2038 | 2.1 | The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from ke | 13-02-2023 - 00:38 | 28-02-2014 - 06:18 | |
CVE-2012-3552 | 7.1 | Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of n | 13-02-2023 - 00:25 | 03-10-2012 - 11:02 | |
CVE-2012-3511 | 6.2 | Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call. | 13-02-2023 - 00:25 | 04-10-2012 - 03:28 | |
CVE-2012-3412 | 7.8 | The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. | 13-02-2023 - 00:25 | 03-10-2012 - 11:02 | |
CVE-2012-2383 | 4.9 | Integer overflow in the i915_gem_execbuffer2 function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platforms allows local users to cause a denial of service ( | 13-02-2023 - 00:25 | 13-06-2012 - 10:24 | |
CVE-2012-2373 | 4.0 | The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that t | 13-02-2023 - 00:24 | 09-08-2012 - 10:29 | |
CVE-2011-2695 | 4.9 | Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number c | 13-02-2023 - 00:18 | 28-07-2011 - 22:55 | |
CVE-2020-14331 | 7.2 | A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local us | 12-02-2023 - 23:40 | 15-09-2020 - 19:15 | |
CVE-2019-3896 | 7.2 | A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS). | 12-02-2023 - 23:38 | 19-06-2019 - 00:15 | |
CVE-2019-14896 | 10.0 | A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join | 12-02-2023 - 23:36 | 27-11-2019 - 09:15 | |
CVE-2017-7558 | 5.0 | A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in | 12-02-2023 - 23:31 | 26-07-2018 - 15:29 | |
CVE-2018-10902 | 4.6 | It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmi | 12-02-2023 - 23:31 | 21-08-2018 - 19:29 | |
CVE-2017-7472 | 4.9 | The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls. | 12-02-2023 - 23:30 | 11-05-2017 - 19:29 | |
CVE-2017-12192 | 4.9 | The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial | 12-02-2023 - 23:28 | 12-10-2017 - 00:29 | |
CVE-2016-4470 | 4.9 | The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a craft | 12-02-2023 - 23:21 | 27-06-2016 - 10:59 | |
CVE-2015-5156 | 6.1 | The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corrup | 12-02-2023 - 23:15 | 19-10-2015 - 10:59 | |
CVE-2016-0728 | 7.2 | The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and us | 12-02-2023 - 23:15 | 08-02-2016 - 03:59 | |
CVE-2017-6074 | 7.2 | The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double | 10-02-2023 - 00:53 | 18-02-2017 - 21:59 | |
CVE-2014-2523 | 10.0 | net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that tri | 19-01-2023 - 16:26 | 24-03-2014 - 16:40 | |
CVE-2017-7895 | 10.0 | The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted reque | 19-01-2023 - 16:13 | 28-04-2017 - 10:59 | |
CVE-2016-9555 | 10.0 | The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified | 19-01-2023 - 16:13 | 28-11-2016 - 03:59 | |
CVE-2016-7117 | 10.0 | Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. | 19-01-2023 - 16:13 | 10-10-2016 - 11:00 | |
CVE-2015-3331 | 9.3 | The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of serv | 19-01-2023 - 16:06 | 27-05-2015 - 10:59 | |
CVE-2019-17666 | 8.3 | rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. | 19-01-2023 - 16:05 | 17-10-2019 - 02:15 | |
CVE-2019-9500 | 7.9 | The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an h | 19-01-2023 - 15:53 | 16-01-2020 - 21:15 | |
CVE-2017-1000251 | 7.7 | The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remot | 19-01-2023 - 15:53 | 12-09-2017 - 17:29 | |
CVE-2016-4565 | 7.2 | The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI int | 17-01-2023 - 21:40 | 23-05-2016 - 10:59 | |
CVE-2016-8666 | 7.8 | The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrat | 17-01-2023 - 21:36 | 16-10-2016 - 21:59 | |
CVE-2012-0207 | 7.8 | The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets. | 17-01-2023 - 21:31 | 17-05-2012 - 11:00 | |
CVE-2014-9322 | 7.2 | arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access t | 17-01-2023 - 21:29 | 17-12-2014 - 11:59 | |
CVE-2016-5829 | 7.2 | Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOC | 17-01-2023 - 21:16 | 27-06-2016 - 10:59 | |
CVE-2017-1000379 | 7.2 | The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected. | 17-01-2023 - 21:03 | 19-06-2017 - 16:29 | |
CVE-2018-5391 | 7.8 | The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments | 28-12-2022 - 18:07 | 06-09-2018 - 21:29 | |
CVE-2019-11810 | 7.8 | An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a | 02-12-2022 - 19:46 | 07-05-2019 - 14:29 | |
CVE-2020-12888 | 4.7 | The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. | 14-11-2022 - 19:44 | 15-05-2020 - 18:15 | |
CVE-2015-1421 | 10.0 | Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by tri | 03-11-2022 - 20:23 | 16-03-2015 - 10:59 | |
CVE-2019-17133 | 7.5 | In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. | 03-11-2022 - 02:41 | 04-10-2019 - 12:15 | |
CVE-2020-9383 | 3.6 | An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. | 29-10-2022 - 02:34 | 25-02-2020 - 16:15 | |
CVE-2019-9456 | 4.6 | In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation | 14-10-2022 - 01:39 | 06-09-2019 - 22:15 | |
CVE-2019-11135 | 2.1 | TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | 07-10-2022 - 15:03 | 14-11-2019 - 19:15 | |
CVE-2020-12352 | 3.3 | Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | 12-08-2022 - 18:28 | 23-11-2020 - 17:15 | |
CVE-2019-0155 | 7.2 | Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G390 | 22-04-2022 - 19:57 | 14-11-2019 - 19:15 | |
CVE-2020-10711 | 4.3 | A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the | 22-04-2022 - 18:53 | 22-05-2020 - 15:15 | |
CVE-2019-9503 | 7.9 | The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will c | 18-04-2022 - 18:09 | 16-01-2020 - 21:15 | |
CVE-2018-13405 | 4.6 | The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a memb | 06-04-2022 - 15:28 | 06-07-2018 - 14:29 | |
CVE-2016-5696 | 5.8 | net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack. | 17-11-2021 - 22:15 | 06-08-2016 - 20:59 | |
CVE-2019-9506 | 4.8 | The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") tha | 04-11-2021 - 15:58 | 14-08-2019 - 17:15 | |
CVE-2018-3639 | 2.1 | Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access vi | 13-08-2021 - 15:26 | 22-05-2018 - 12:29 | |
CVE-2014-3917 | 3.3 | kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a lar | 15-07-2021 - 19:16 | 05-06-2014 - 17:55 | |
CVE-2018-3665 | 4.7 | System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. | 09-06-2021 - 16:24 | 21-06-2018 - 20:29 | |
CVE-2014-4508 | 4.7 | arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscal | 12-11-2020 - 22:15 | 23-06-2014 - 11:21 | |
CVE-2019-7221 | 4.6 | The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. | 15-10-2020 - 13:28 | 21-03-2019 - 16:01 | |
CVE-2020-14331 | 7.2 | A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local us | 28-09-2020 - 16:15 | 15-09-2020 - 19:15 | |
CVE-2020-12888 | 4.7 | The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. | 28-09-2020 - 16:15 | 15-05-2020 - 18:15 | |
CVE-2019-5489 | 2.1 | The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this af | 24-08-2020 - 17:37 | 07-01-2019 - 17:29 | |
CVE-2018-7566 | 4.6 | The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. | 24-08-2020 - 17:37 | 30-03-2018 - 21:29 | |
CVE-2019-11091 | 4.7 | Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
|
24-08-2020 - 17:37 | 30-05-2019 - 16:29 | |
CVE-2019-15239 | 7.2 |
In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue tha
|
18-08-2020 - 15:05 | 20-08-2019 - 08:15 | |
CVE-2014-4667 | 5.0 |
The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.
|
14-08-2020 - 18:02 | 03-07-2014 - 04:22 | |
CVE-2014-8369 | 4.6 |
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or p
|
13-08-2020 - 19:37 | 10-11-2014 - 11:55 | |
CVE-2010-4668 | 4.7 |
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: th
|
12-08-2020 - 19:37 | 03-01-2011 - 20:00 | |
CVE-2019-19338 | 2.1 |
A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a hos
|
21-07-2020 - 17:17 | 13-07-2020 - 17:15 | |
CVE-2020-12654 | 4.3 |
An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.
|
16-06-2020 - 20:15 | 05-05-2020 - 05:15 | |
CVE-2019-18660 | 1.9 |
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.
|
28-01-2020 - 19:47 | 27-11-2019 - 23:15 | |
CVE-2016-6198 | 4.9 |
The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related t
|
27-12-2019 - 16:08 | 06-08-2016 - 20:59 | |
CVE-2018-14646 | 4.9 |
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assi
|
09-10-2019 - 23:35 | 26-11-2018 - 19:29 | |
CVE-2017-7518 | 4.6 |
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag (TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception (#DB) being raised in the guest stack. A user/pr
|
09-10-2019 - 23:29 | 30-07-2018 - 15:29 | |
CVE-2017-6214 | 5.0 |
The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.
|
03-10-2019 - 00:03 | 23-02-2017 - 17:59 | |
CVE-2018-8897 | 7.2 |
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that
|
03-10-2019 - 00:03 | 08-05-2018 - 18:29 | |
CVE-2017-5551 | 3.6 |
The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid pro
|
03-10-2019 - 00:03 | 06-02-2017 - 06:59 | |
CVE-2018-16597 | 4.9 |
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
|
03-10-2019 - 00:03 | 21-09-2018 - 16:29 | |
CVE-2015-3636 | 4.9 |
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and sy
|
22-04-2019 - 17:48 | 06-08-2015 - 01:59 | |
CVE-2013-4299 | 6.0 |
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.
|
22-04-2019 - 17:48 | 24-10-2013 - 10:53 | |
CVE-2013-2188 | 4.7 |
A certain Red Hat patch to the do_filp_open function in fs/namei.c in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle failure to obtain write permissions, which allows local users to cause a
|
22-04-2019 - 17:48 | 16-07-2013 - 14:08 | |
CVE-2011-0714 | 5.7 |
Use-after-free vulnerability in a certain Red Hat patch for the RPC server sockets functionality in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 might allow remote attackers to cause a denial of service (crash) via malformed data in a
|
22-04-2019 - 17:48 | 04-05-2011 - 22:55 | |
CVE-2018-5803 | 4.9 |
In the Linux kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packet lengths can be exploited to cause a kernel crash.
|
27-03-2019 - 16:17 | 12-06-2018 - 16:29 | |
CVE-2018-6927 | 4.6 |
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
|
06-03-2019 - 21:38 | 12-02-2018 - 19:29 | |
CVE-2015-8767 | 4.9 |
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
|
30-08-2018 - 16:53 | 08-02-2016 - 03:59 | |
CVE-2017-14106 | 4.9 |
The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code pat
|
13-07-2018 - 01:29 | 01-09-2017 - 16:29 | |
CVE-2017-9242 | 4.9 |
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via craft
|
05-01-2018 - 02:31 | 27-05-2017 - 01:29 | |
CVE-2016-9084 | 4.6 |
drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device fil
|
05-01-2018 - 02:31 | 28-11-2016 - 03:59 | |
CVE-2016-3841 | 7.2 |
The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.
|
05-01-2018 - 02:30 | 06-08-2016 - 20:59 | |
CVE-2015-5366 | 5.0 |
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect chec
|
05-01-2018 - 02:30 | 31-08-2015 - 10:59 | |
CVE-2016-3044 | 4.9 |
The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors.
|
05-01-2018 - 02:30 | 01-12-2016 - 11:59 | |
CVE-2015-2830 | 1.9 |
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the
|
05-01-2018 - 02:30 | 27-05-2015 - 10:59 | |
CVE-2012-1601 | 4.9 |
The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.
|
05-01-2018 - 02:29 | 17-05-2012 - 11:00 | |
CVE-2013-7265 | 4.9 |
The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from ke
|
16-12-2017 - 02:29 | 06-01-2014 - 16:55 | |
CVE-2017-1000380 | 2.1 |
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed
|
06-12-2017 - 02:29 | 17-06-2017 - 18:29 | |
CVE-2015-3339 | 6.2 |
Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but t
|
31-12-2016 - 02:59 | 27-05-2015 - 10:59 | |
CVE-2016-0774 | 5.6 |
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do
|
03-12-2016 - 03:18 | 27-04-2016 - 17:59 | |
CVE-2014-6410 | 4.7 |
The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UD
|
23-08-2016 - 02:08 | 28-09-2014 - 10:55 |