Linux Kernel Security Vulnerabilities
7.2AI Score
0.0004EPSS
super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.
7.5AI Score
0.0004EPSS
7AI Score
0.0005EPSS
A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files.
6.7AI Score
0.0004EPSS
In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection.
7AI Score
0.008EPSS
Linux 2.2.3 and earlier allow a remote attacker to perform an IP fragmentation attack, causing a denial of service.
6.7AI Score
0.006EPSS
Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port.
6.7AI Score
0.0004EPSS
Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service.
6.9AI Score
0.0004EPSS
Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address.
7AI Score
0.007EPSS
A system does not present an appropriate legal message or warning to a user who is accessing it.
6.9AI Score
0.003EPSS
The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names.
6.7AI Score
0.004EPSS
The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users.
6.8AI Score
0.0004EPSS
Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.
7AI Score
0.002EPSS
The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.
6.7AI Score
0.0004EPSS
IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP fragments before checking the header information, which allows a remote attacker to bypass the filtering rules using several fragments with 0 offsets.
7AI Score
0.009EPSS
Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory.
6.9AI Score
0.0004EPSS
Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command.
7AI Score
0.015EPSS
Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, allows local unprivileged users to forge IP packets via the TIOCSETD option on tty devices.
6.7AI Score
0.0004EPSS
mknod in Linux 2.2 follows symbolic links, which could allow local users to overwrite files or gain privileges.
6.9AI Score
0.0004EPSS
6.3AI Score
0.001EPSS
The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max parameter, which allows local users to cause a denial of service by requesting a large number of sockets.
6.5AI Score
0.0004EPSS
IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.
6.7AI Score
0.003EPSS
The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to cause a denial of service via a negative size value.
6.8AI Score
0.002EPSS
The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability."
6.8AI Score
0.004EPSS
Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call.
5.4AI Score
0.0004EPSS
Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process.
6.5AI Score
0.0004EPSS
ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.
6.9AI Score
0.019EPSS
Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.
6.6AI Score
0.001EPSS
Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows local users to cause a denial of service via a series of deeply nested symlinks, which causes the kernel to spend extra time when trying to access the link.
6.1AI Score
0.0004EPSS
Linux kernel before 2.4.11pre3 in multiple Linux distributions allows local users to cause a denial of service (crash) by starting the core vmlinux kernel, possibly related to poor error checking during ELF loading.
6.6AI Score
0.0004EPSS
IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid...
7.1AI Score
0.005EPSS
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network tra...
7.1AI Score
0.012EPSS
The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, when running on certain Intel CPUs, allows local users to cause a denial of service (system halt).
6.5AI Score
0.0004EPSS
ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows local users to gain root privileges by running ptrace on a setuid or setgid program that itself calls an unprivileged program, such as newgrp.
6.6AI Score
0.0004EPSS
Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages.
5.2AI Score
0.001EPSS
Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.
5.5CVSS
5.2AI Score
0.001EPSS
The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers.
5.4AI Score
0.001EPSS
Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang).
5.5AI Score
0.001EPSS
Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service.
5.2AI Score
0.0004EPSS
Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact.
5.3AI Score
0.001EPSS
Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact.
5.6AI Score
0.001EPSS
The System V (SYS5) shared memory implementation for Linux kernel before 2.2.19 could allow attackers to modify recently freed memory.
5.3AI Score
0.001EPSS
Masquerading code for Linux kernel before 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability.
5.4AI Score
0.013EPSS
Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86."
5.3AI Score
0.001EPSS
Unknown vulnerabilities in the UDP port allocation for Linux kernel before 2.2.19 could allow local users to cause a denial of service (deadlock).
5.4AI Score
0.0004EPSS
Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, which allows local users to exceed disk quota restrictions during execution of setuid programs.
6.8AI Score
0.0004EPSS
The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets.
6.6AI Score
0.006EPSS
Linux kernel, and possibly other operating systems, allows remote attackers to read portions of memory via a series of fragmented ICMP packets that generate an ICMP TTL Exceeded response, which includes portions of the memory in the response packet.
7AI Score
0.005EPSS
IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions.
6.7AI Score
0.013EPSS
The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface (lcall).
6AI Score
0.0004EPSS