Kernel Security Vulnerabilities and Issues — Kernel CVE List

LinuxKernel

9 matches found

CVE•added 2009/06/04 4:0 p.m.•336 views

CVE-2009-1385

CVE-2009-1385 describes an integer underflow in the e1000/e1000e drivers of the Linux kernel (drivers/net/e1000/e1000_main.c) that can be triggered by a crafted frame size. Affects Linux kernel versions before 2.6.30-rc8 (and the e1000e driver) and Intel Wired Ethernet (e1000) before 7.5.5. Explo...

7.8CVSS4.7AI score0.13893EPSS

Web

CVE•added 2009/06/16 11:0 p.m.•130 views

CVE-2009-1389

CVE-2009-1389 is a vulnerability in the Linux kernel RTL8169 NIC driver (drivers/net/r8169.c). A crafted long Ethernet frame can cause a buffer overflow, leading to kernel memory corruption and a crash (remote DoS) on affected systems. The issue affects kernels before 2.6.30; exploitation require...

7.8CVSS5.3AI score0.07833EPSS

CVE•added 2009/07/31 6:29 p.m.•120 views

CVE-2009-2406

CVE-2009-2406 refers to a stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c of the Linux kernel before 2.6.30.4. The issue arises from not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size, enabling l...

6.9CVSS5.9AI score0.00314EPSS

CVE•added 2009/08/18 8:41 p.m.•114 views

CVE-2009-2844

CVE-2009-2844 affects the Linux kernel’s cfg80211 code (net/wireless/scan.c) in 2.6.30-rc1 and earlier than 2.6.31-rc6. The vulnerability allows remote attackers to cause a denial of service (crash) by sending a crafted sequence of beacon frames: one frame omits the SSID Information Element, and ...

7.8CVSS6.7AI score0.01735EPSS

CVE•added 2009/08/18 8:41 p.m.•107 views

CVE-2009-2847

CVE-2009-2847 affects the Linux kernel: do_sigaltstack in kernel/signal.c on 64-bit systems fails to clear certain padding bytes, enabling local users to read sensitive data from the kernel stack via sigaltstack. Affected: Linux kernel versions 2.4–2.4.37 and 2.6 up to 2.6.31-rc5. Impact: local i...

4.9CVSS5.6AI score0.00182EPSS

CVE•added 2010/02/12 7:0 p.m.•90 views

CVE-2010-0309

The CVE concerns the pit_ioport_read function in the PIT emulation (i8254.c) of KVM 83, where improper use of the pit_state data structure can be exploited by a guest to trigger a host denial-of-service (host crash or hang) by reading /dev/port. Affected component is KVM's PIT emulation; impact i...

6.8CVSS6.4AI score0.00765EPSS

Web

CVE•added 2009/11/02 3:0 p.m.•84 views

CVE-2009-3624

CVE-2009-3624 affects the Linux kernel KEYS subsystem. The get_instantiation_keyring function in security/keys/keyctl.c fails to properly maintain the reference count of a keyring when a keyring is not specified by ID, enabling a local attacker to gain privileges or trigger a denial of service (O...

4.6CVSS6.8AI score0.00063EPSS

CVE•added 2009/08/14 3:0 p.m.•75 views

CVE-2009-2767

CVE-2009-2767 affects the Linux kernel up to version 2.6.31-rc6. The init_posix_timers function in kernel/posix-timers.c mishandles CLOCK_MONOTONIC_RAW clock_nanosleep, triggering a NULL pointer dereference and enabling local users to cause a denial of service (OOPS) or potentially gain privilege...

7.2CVSS7.3AI score0.00124EPSS

CVE•added 2014/10/10 1:0 a.m.•55 views

CVE-2014-2649

HP Operations Manager for UNIX (HP-UX) versions 9.10, 9.11 and 9.20 are identified as affected by CVE-2014-2649, a remote code execution vulnerability. The vulnerability is described as unspecified in vectors, enabling an unauthenticated attacker to execute arbitrary code on a remote host. HP’s s...

7.5CVSS7.8AI score0.03623EPSS