Linux Kernel Security Vulnerabilities
The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when configured for inline use on Linux without the ip_conntrack module loaded, allows remote attackers to cause a denial of service (segmentation fault and application crash) via certain UDP packets produced by send_morefrag_packet....
6.5AI Score
0.054EPSS
The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel before 2.6.20, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which...
5.9AI Score
0.0004EPSS
Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain...
6.1AI Score
0.0005EPSS
Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during...
6.5AI Score
0.021EPSS
The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be...
5.8AI Score
0.0004EPSS
Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI...
6.1AI Score
0.017EPSS
The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix timers, which are allocated in kernel memory but...
6.4AI Score
0.0004EPSS
IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown...
6.6AI Score
0.0004EPSS
Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file...
6.3AI Score
0.0004EPSS
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat...
8.6AI Score
0.003EPSS
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2)...
7.2AI Score
0.048EPSS
The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows remote attackers to cause a denial of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free of an incorrect...
6AI Score
0.079EPSS
Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of...
7AI Score
0.001EPSS
umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain...
5.9AI Score
0.0004EPSS
The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU...
5.7AI Score
0.015EPSS
The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is...
6.1AI Score
0.054EPSS
Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown...
5.9AI Score
0.001EPSS
The aio_setup_ring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service (crash) via an unspecified error path that causes an incorrect free...
5.8AI Score
0.001EPSS
Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has...
5.8AI Score
0.001EPSS
Linux kernel before 2.6.18, when running on x86_64 systems, does not properly save or restore EFLAGS during a context switch, which allows local users to cause a denial of service (crash) by causing SYSENTER to set an NT flag, which can trigger a crash on the IRET of the next...
5.3AI Score
0.003EPSS
The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system...
7.1AI Score
0.001EPSS
The mincore function in the Linux kernel before 2.4.33.6 does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a...
5.1AI Score
0.001EPSS
Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via.....
7.8AI Score
0.141EPSS
The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core...
7AI Score
0.018EPSS
Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified...
7AI Score
0.001EPSS
smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode...
7.2AI Score
0.001EPSS
The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the wrong flag to the ip_summed field, which allows remote attackers to cause a denial of service (memory corruption) via crafted packets that cause the kernel to interpret another field as an...
6.5AI Score
0.01EPSS
Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c in the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code via a large maxnum value in an ioctl...
7.4AI Score
0.001EPSS
The ReiserFS functionality in Linux kernel 2.6.18, and possibly other versions, allows local users to cause a denial of service via a malformed ReiserFS file system that triggers memory corruption when a sync is...
6.4AI Score
0.0004EPSS
The minix filesystem code in Linux kernel 2.6.x before 2.6.24, including 2.6.18, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be due to an integer overflow or signedness...
6AI Score
0.002EPSS
The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the...
7AI Score
0.002EPSS
The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data...
6.9AI Score
0.002EPSS
The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on Fedora Core 6 and possibly other operating systems, allows local users to cause a denial of service (crash) via a malformed gfs2 file stream that triggers a NULL pointer dereference in the init_journal...
6AI Score
0.001EPSS
Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit function, as demonstrated using an HFS filesystem...
7AI Score
0.003EPSS
The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a malformed NTFS file stream that triggers an infinite loop in the __find_get_block_slow...
7.1AI Score
0.001EPSS
The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using...
6.9AI Score
0.001EPSS
ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a....
7.2AI Score
0.058EPSS
Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data...
7.1AI Score
0.001EPSS
Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs...
7.1AI Score
0.0004EPSS
The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linux kernel 2.6 up to 2.6.18-stable allows local users to cause a denial of service (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for...
7.1AI Score
0.001EPSS
Linux kernel does not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allows local users to cause a denial of service (process crash), as demonstrated using a process that sets the Alignment Check flag (EFLAGS 0x40000), which triggers a.....
7AI Score
0.0004EPSS
The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service (deadlock) by running the shmat function on an shm at the same time that shmctl is removing that shm (IPC_RMID), which prevents a spinlock from being...
5.5CVSS
6AI Score
0.0004EPSS
The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6.x before 2.6.13 does not properly clear buffers during certain error conditions, which allows local users to read portions of files that have been...
7.2AI Score
0.001EPSS
The copy_from_user function in the uaccess code in Linux kernel 2.6 before 2.6.19-rc1, when running on s390, does not properly clear a kernel buffer, which allows local user space programs to read portions of kernel memory by "appending to a file from a bad address," which triggers a fault that...
7AI Score
0.001EPSS
The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer...
7.5CVSS
7AI Score
0.056EPSS
The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descriptor...
7AI Score
0.001EPSS
The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a...
7.5CVSS
7.1AI Score
0.074EPSS
The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and 2.6.13, in certain configurations, allows local users to cause a denial of service (crash) by triggering an mmap error before a prefault, which causes an error in the unmap_hugepage_area...
7.1AI Score
0.001EPSS
The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for specific Linux distributions are also affected, due...
7.1AI Score
0.001EPSS
The Unidirectional Lightweight Encapsulation (ULE) decapsulation component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel 2.6.17.8 allows remote attackers to cause a denial of service (crash) via an SNDU length of 0 in a ULE...
7AI Score
0.093EPSS