39 matches found
CVE-2011-3188
CVE-2011-3188 affects the Linux kernel prior to 3.1, where IPv4 and IPv6 sequence numbers/Fragment IDs are generated with a modified MD4. This predictable value generation enables remote attackers to cause DoS or hijack sessions by crafting packets. The vulnerability is mitigated by upgrading the...
CVE-2011-4621
The CVE-2011-4621 entry concerns the Linux kernel prior to 2.6.37, where a clock-update optimization is flawed, allowing a local user to cause a denial of service (system hang) by running code in a loop. Affected software is the Linux kernel up to version before 2.6.37; the description does not s...
CVE-2011-2525
CVE-2011-2525 affects the Linux kernel prior to 2.6.35, where the qdisc_notify function in net/sched/sch_api.c does not prevent tc_fill_qdisc calls referencing builtin Qdisc structures. This can lead to a NULL pointer dereference and OOPS, enabling local users to cause a denial of service and pot...
CVE-2012-3400
CVE-2012-3400 describes a heap-based buffer overflow in the udf_load_logicalvol function (fs/udf/super.c) of the Linux kernel up to version 3.4.5. The flaw allows remote attackers to cause a denial of service (system crash) or potentially other impact via a crafted UDF filesystem. Connected advis...
CVE-2012-0879
CVE-2012-0879 affects the Linux kernel prior to 2.6.33, where the I/O implementation for block devices mishandles the CLONE_IO feature. Local attackers can create multiple processes sharing an I/O context, causing I/O instability and a denial of service. The vulnerability is evidenced across mult...
CVE-2012-2136
CVE-2012-2136 affects the Linux kernel prior to 3.4.5. The sock_alloc_send_pskb function does not properly validate a length value, enabling a local user to trigger a heap-based overflow that can crash the system or potentially gain privileges via access to a TUN/TAP device. Affected software is ...
CVE-2011-3191
CVE-2011-3191 affects the Linux kernel CIFS implementation (fs/cifs/cifssmb.c: CIFSFindNext). It is caused by an integer signedness error, existing in kernels before 3.1, which can allow a remote CIFS server to trigger memory corruption or other impact via a large length value in a directory read...
CVE-2011-4330
CVE-2011-4330 describes a stack-based buffer overflow in the Linux kernel 2.6, specifically in hfs_mac2asc (fs/hfs/trans.c). A crafted HFS image len field can be used by a local user to trigger a crash and, per the description, possibly execute arbitrary code. The associated connected documents c...
CVE-2011-2699
CVE-2011-2699 affects the Linux kernel IPv6 implementation. The vulnerability is that, before version 3.1, Fragment Identification values were not generated separately for each destination, enabling remote attackers to cause a denial of service by sending crafted packets. Connected advisories ref...
CVE-2012-3412
CVE-2012-3412 affects the sfc (Solarflare Solarstorm) driver in the Linux kernel, specifically versions before 3.2.30. The vulnerability allows remote attackers to trigger a denial of service by sending crafted TCP packets that induce a small MSS value, leading to DMA descriptor consumption and n...
CVE-2011-2517
The vulnerability CVE-2011-2517 affects the Linux kernel (pre-2.6.39.2) where multiple buffer overflows in net/wireless/nl80211.c can allow local users to gain privileges by exploiting a long SSID during scan operations when CAP_NET_ADMIN is available. Impact is local privilege escalation with co...
CVE-2011-2918
CVE-2011-2918 affects the Linux kernel perf subsystem (Performance Events). The issue arises in the handling of event overflows for PERF_COUNT_SW_CPU_CLOCK, enabling a local attacker to cause a denial of service (system hang) via a crafted application. Public references in connected advisories co...
CVE-2012-1097
CVE-2012-1097 affects the Linux kernel before 3.2.10, where the regset (register set) path mishandles absence of .get/.set methods. This can allow a local attacker to trigger a NULL pointer dereference via PTRACE_GETREGSET or PTRACE_SETREGSET, possibly causing denial of service or other impact. R...
CVE-2012-0207
CVE-2012-0207 affects the Linux kernel before 3.2.1, where igmp_heard_query in net/ipv4/igmp.c can be triggered by IGMP packets to cause a divide-by-zero leading to a kernel panic (DoS). The vulnerability is addressed in Linux 3.2.1 (as per ChangeLog-3.2.1). Connected advisories/Nessus entries re...
CVE-2012-0038
CVE-2012-0038 affects the Linux kernel prior to 3.1.9. An integer overflow in fs/xfs/xfs_acl.c (xfs_acl_from_disk) can be triggered by a malformed ACL on a filesystem, leading to a heap-based buffer overflow and a local-denial-of-service (panic). A fix was released in 3.1.9. Users should upgrade ...
CVE-2011-3353
CVE-2011-3353 : In the Linux kernel, a buffer/length handling issue in fuse_notify_inval_entry (fs/fuse/dev.c) before 3.1 can allow a local attacker mounting a FUSE filesystem to trigger a BUG_ON and system crash, i.e., local denial of service. Public advisories (e.g., OpenSUSE, Red Hat/Oracle/Li...
CVE-2012-1090
CVE-2012-1090 affects the Linux kernel: the cifs_lookup function in fs/cifs/dir.c can trigger a local denial of service (OOPS) when a local user accesses a specially crafted file (e.g., a FIFO). The issue exists in kernel versions prior to 3.2.10. Exploitation requires local access. The documente...
CVE-2011-3363
The CVE-2011-3363 issue affects the Linux kernel up to version 2.6.38, specifically the setup_cifs_sb function in fs/cifs/connect.c. The root cause is improper handling of DFS referrals, enabling a remote CIFS server to trigger a denial-of-service (system crash) by placing a referral at the root ...
CVE-2011-3637
CVE-2011-3637 is a vulnerability in the Linux kernel where the m_stop function in fs/proc/task_mmu.c can trigger an OOPS via vectors that cause an m_start error. Affected: Linux kernel versions prior to 2.6.39 (i.e., 2.6.38 and earlier). Impact: local denial of service (kernel oops) without remot...
CVE-2012-1146
The vulnerability CVE-2012-1146 affects the Linux kernel, specifically mem_cgroup_usage_unregister_event in mm/memcontrol.c, when running versions before 3.2.10. The issue arises from how multiple events attached to the same eventfd are handled, enabling a local attacker to trigger a NULL pointer...
CVE-2011-3359
CVE-2011-3359 affects the Linux kernel (pre-2.6.39), specifically the b43 wireless driver. The dma_rx path does not allocate receive buffers properly, enabling remote attackers to crash the system via a crafted frame (DoS). Affected code is in drivers/net/wireless/b43/dma.c. Remediation: upgrade ...
CVE-2012-2123
CVE-2012-2123 affects the Linux kernel up to version 3.3.3, where cap_bprm_set_creds in security/commoncap.c mishandles file-system capabilities (fcaps) for implementing a privileged executable. This can let local users bypass personality restrictions via a crafted application, demonstrated by an...
CVE-2011-1573
CVE-2011-1573: Linux kernel SCTP (net/sctp/sm_make_chunk.c) can OOPs DoS when addip_enable and auth_enable are used because INIT/INIT-ACK length calculation ignores zero padding. Affects kernels before 2.6.34; patch/fix shipped in 2.6.34+. vulnerable component/file: sm_make_chunk.c; impact: denia...
CVE-2011-4326
CVE-2011-4326 affects the Linux kernel’s UDP fragment handling for IPv6 when UDP Fragmentation Offload (UFO) is enabled. Specifically, the vulnerability lies in udp6_ufo_fragment in net/ipv6/udp.c, allowing remote attackers to crash the system by sending fragmented IPv6 UDP packets to a bridge. T...
CVE-2012-0044
CVE-2012-0044 is an integer overflow in drm_mode_dirtyfb_ioctl() within Linux kernel drivers/gpu/drm/drm_crtc.c, vulnerable before 3.1.5. The flaw allows local users to gain privileges or trigger memory corruption/DoS via a crafted ioctl. Public sources (including MiracleLinux AXSA-2012-646:05) c...
CVE-2012-3552
The CVE-2012-3552 issue is a race condition in the Linux kernel IP implementation that exists in versions before 3.0. According to the connected documents, remote attackers could trigger a denial of service (slab corruption and system crash) by sending packets to an application that sets socket o...
CVE-2011-4081
CVE-2011-4081 affects the Linux kernel crypto/ghash-generic.c. The vulnerability arises when a missing or failed ghash_setkey is followed by ghash_update or ghash_final (demonstrated via AF_ALG socket write), potentially causing a NULL pointer dereference and OOPS. Connected advisories (e.g., Mir...
CVE-2010-4563
The Connected documents provide concrete detail for CVE-2010-4563: when the Linux kernel handles IPv6, an attacker can probe for sniffing by sending an ICMPv6 Echo Request to a multicast address and observing whether an Echo Reply is returned (as shown by thcping). This affects the Linux kernel’s...
CVE-2011-4097
CVE-2011-4097 affects the Linux kernel up to version 3.1.8 on 64-bit systems. The vulnerability is due to an integer overflow in the oom_badness function (mm/oom_kill.c), which can allow a local user to trigger memory exhaustion or terminate processes, resulting in a denial of service. The root c...
CVE-2011-4594
The CVE-2011-4594 entry documents a local kernel vulnerability in the Linux kernel (__sys_sendmsg in net/socket.c) where crafted usage of sendmmsg can trigger an incorrect pointer dereference and crash the system. It affects kernel versions before 3.1, with the described impact being a denial of ...
CVE-2011-2898
CVE-2011-2898 concerns the Linux kernel AF_PACKET implementation. The flaw allows local users to read potentially sensitive kernel memory by exploiting inadequate restrictions on VLAN Tag Control Information data structures. The vulnerability is described as a kernel information leak in the AF_PA...
CVE-2011-4611
The CVE-2011-4611 entry relates to the Linux kernel on POWERPC where an integer overflow in perf_event_interrupt (arch/powerpc/kernel/perf_event.c) before version 2.6.39 can allow a local user to trigger a denial of service via performance-event handling. Affected: Linux kernel releases prior to ...
CVE-2011-4080
CVE-2011-4080 affects the Linux kernel: sysrq_sysctl_handler in kernel/sysctl.c did not require CAP_SYS_ADMIN to modify dmesg_restrict, enabling local users (e.g., in LXC) to bypass restrictions and read the kernel ring buffer with root privileges. Public sources (Red Hat, SUSE, NVD) cite impact ...
CVE-2011-2521
Linux kernel Performance Events vulnerability CVE-2011-2521: the x86_assign_hw_event path in arch/x86/kernel/cpu/perf_event.c miscalculates counter values, allowing a local user to trigger a denial of service (kernel panic) via the perf tool. Affected: Linux kernel before 2.6.39. Root cause: inco...
CVE-2011-2707
The CVE-2011-2707 entry affects the Linux kernel's arch/xtensa/kernel/ptrace.c, where the ptrace_setxregs() function does not validate user-space pointers. This allows a local user to read kernel memory via a crafted PTRACE_SETXTREGS request, as described for Linux kernel versions before 3.1. Pub...
CVE-2011-2518
The CVE-2011-2518 entry concerns the Linux kernel code path security/tomoyo/mount.c: tomoyo_mount_acl calls kern_path with arguments from the mount system call. This allows local users to trigger a denial of service (OOPS) or possibly other impact via a NULL device name in kernels before 2.6.39.2...
CVE-2011-4112
CVE-2011-4112 affects the Linux kernel net subsystem prior to 3.1. The issue arises from improper restriction of the IFF_TX_SKB_SHARING flag, enabling local users with CAP_NET_ADMIN to access /proc/net/pktgen/pgctrl and, using the pktgen package with a bridge device for a VLAN interface, trigger ...
CVE-2011-2906
The issue is an integer signedness error in the Linux kernel's pmcraid_ioctl_passthrough under drivers/scsi/pmcraid.c, affecting pre-3.1 kernels. It may allow local attackers to cause denial of service via a negative size value in an ioctl call, typically in environments with a privileged program...
CVE-2012-0058
The CVE-2012-0058 issue affects the Linux kernel up to version 3.2.2, in the kiocb_batch_free function of fs/aio.c, caused by incorrect iocb management. It allows local attackers to cause a denial of service (OOPS). Impact is confined to local execution, with availability as the primary effect de...