PT-2019-3108 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.2.3 Description: The issue is related to a NULL pointer dereference in the drivers/media/usb/zr364xx/zr364xx.c driver, caused by a malicious USB device. This can lead to a denial of service. Recommendations: F...

EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1492)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The sndtimerinterrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked...

EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1477)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The pnrecvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring...

Denial Of Service (DoS)

kernel-rt is vulnerable to denial of service DoS attacks. The vulnerability exists through a memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows local users to cause a denial of service memory consumption or system crash via invalid MAPHUGETLB mmap operations...

Virtuozzo 7 : readykernel-patch (VZA-2018-052)

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - The implementation of timercreate system call in the Linux kernel before 4.14.8 doesn't properly validate the...

CVE-2018-3567

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing the HTTT2HMSGTYPEPEERMAP or HTTT2HMSGTYPEPEERUNMAP messages...

UBUNTU-CVE-2017-16526

drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service general protection fault and system crash or possibly have unspecified other impact via a crafted USB device...

UBUNTU-CVE-2017-6348

The hashbindelete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service deadlock via crafted operations on IrDA devices...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2017-3516)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3516 advisory. - vfs: read filehandle only once in handletopath Sasha Levin Orabug: 25388709 CVE-2015-1420 - USB: usbfs: fix potential infoleak in devio Kangjie L...

UBUNTU-CVE-2016-8630

The x86decodeinsn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service host OS crash via a certain use of a ModR/M byte in an undefined instruction...

PT-2016-5973 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.7 Description: The issue concerns the proc connectinfo function in the Linux kernel, which fails to initialize a certain data structure. This allows local users to obtain sensitive information from kernel stac...

CVE-2014-7822

The implementation of certain splicewrite file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service system crash or possibly have unspecified other impact via a crafted splice system...

UBUNTU-CVE-2014-6417

net/ceph/authx.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service system crash or possibly have unspecified other impact via a long unencrypted auth ticket...

CVE-2014-4608

Multiple integer overflows in the lzo1xdecompresssafe function in lib/lzo/lzo1xdecompresssafe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service memory corruption via a crafted Literal Run. NOTE: the author of the LZO...

CVE-2014-2889

Off-by-one error in the bpfjitcompile function in arch/x86/net/bpfjitcomp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service system crash or possibly gain privileges via a long jump after a conditional jump...

Oracle Linux 6 : kernel (ELSA-2011-1189)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-1189 advisory. - net nl80211: missing check for valid SSID size in scan operation Stanislaw Gruszka 718157 718158 CVE-2011-2517 - net bluetooth: l2cap and rfcomm: fix...

Oracle Linux 6 : kernel (ELSA-2012-1064)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-1064 advisory. - kernel Prevent keyctl newsession from causing a panic David Howells 833433 827424 CVE-2012-2745 - net ipv6/netfilter: fix null pointer dereference in...

CVE-2011-1180

Multiple stack-based buffer overflows in the iriapgetvaluebyclassindication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact by leveraging connectivity to an IrDA infrared...

UBUNTU-CVE-2013-0228

The xeniret function in arch/x86/xen/xen-asm32.S in the Linux kernel before 3.7.9 on 32-bit Xen paravirtops platforms does not properly handle an invalid value in the DS segment register, which allows guest OS users to gain guest OS privileges via a crafted application...

CVE-2012-0038

Integer overflow in the xfsaclfromdisk function in fs/xfs/xfsacl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service panic via a filesystem with a malformed ACL, leading to a heap-based buffer overflow...