91 matches found
CVE-2009-1389
CVE-2009-1389 is a vulnerability in the Linux kernel RTL8169 NIC driver (drivers/net/r8169.c). A crafted long Ethernet frame can cause a buffer overflow, leading to kernel memory corruption and a crash (remote DoS) on affected systems. The issue affects kernels before 2.6.30; exploitation require...
CVE-2009-2406
CVE-2009-2406 refers to a stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c of the Linux kernel before 2.6.30.4. The issue arises from not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size, enabling l...
CVE-2004-1235
CVE-2004-1235 documents a race condition in the Linux kernel (load_elf_library and binfmt_aout paths used by uselib) affecting 2.4 (through 2.429-rc2) and 2.6 (through 2.6.10). Exploitation allows a local user to execute arbitrary code by manipulating the VMA descriptor. The initial description p...
CVE-2008-1673
The CVE-2008-1673 vulnerability affects the Linux kernel ASN.1 BER decoding in CIFS and ip_nat_snmp_basic modules (and gxsnmp). Root cause: improper validation of ASN.1 BER lengths, enabling a remote attacker to crash the system or execute arbitrary code via: (1) a length greater than the working...
CVE-2008-1669
Summary: CVE-2008-1669 affects the Linux kernel and arises from inadequate protection for fcntl in 2.6.x kernels prior to 2.6.25.2. The issue enables local users to (1) execute code in parallel and (2) trigger a race that can give re-ordered access to the descriptor table. Evidence in connected a...
CVE-2007-2453
CVE-2007-2453 concerns the Linux kernel RNG. Affected: Linux kernel 2.6 before 2.6.20.13 and 2.6.21.x before 2.6.21.4. Root cause: the entropy pool was not properly seeded when no entropy source, and entropy was extracted using an incorrect cast, which might cause the RNG to produce identical val...
CVE-2004-0949
CVE-2004-0949 affects the Samba filesystem smbfs in Linux kernel 2.4/2.6, where smb_recv_trans2 fails to reassemble fragmented packets, allowing a remote attacker via the network to read arbitrary kernel information or to inflate a counter by replaying the first fragment. Public advisories (RHSA,...
CVE-2004-1335
The CVE-2004-1335 entry describes a memory leak in the Linux kernel’s ip_options_get function (pre-2.6.10) that can cause local denial of service via repeated ip_cmsg_send calls. Affected component is the kernel networking stack; impact is partial availability due to memory exhaustion. The vulner...
CVE-2006-1056
CVE-2006-1056 : A vulnerability in the Linux kernel (before 2.6.16.9) and FreeBSD on AMD64/7th–8th gen AMD processors causes FXSAVE/FXRSTOR to save/restore only certain x87 registers when an exception is pending. This can allow a local attacker to infer portions of the floating‑point state of oth...
CVE-2004-0077
CVE-2004-0077 corresponds to a bounds-checking flaw in the Linux kernel mremap implementation (2.2 to 2.6.2). The issue arises when do_munmap return value is not properly checked after exceeding the maximum VMA descriptors, enabling a local attacker to gain root privileges. Connected advisories c...
CVE-2004-1073
The CVE-2004-1073 entry affects the Linux kernel (2.4.x up to 2.4.27 and 2.6.x up to 2.6.8). It is caused by the open_exec path of the execve functionality (exec.c), where the interpreter (PT_INTERP) handling can allow local users to read non-readable ELF binaries. The description specifies local...
CVE-2004-0883
CVE-2004-0883 concerns multiple vulnerabilities in the Samba filesystem (smbfs) within the Linux kernel (versions 2.4 and 2.6). The description states that remote Samba servers could cause a denial of service (kernel crash) or information disclosure by triggering one of several flawed packet-hand...
CVE-2004-2660
CVE-2004-2660 is a vulnerability in the Linux kernel (2.6.x) where a memory leak in direct-io.c affects O_DIRECT write paths. Impact is local denial of service through memory consumption. The issue is fixed in the 2.6.10 update (as reflected by the ChangeLog-2.6.10 and related advisories); apply ...
CVE-2005-2458
CVE-2005-2458 affects the Linux kernel where inflate.c in the zlib routines used by the kernel before 2.6.12.5 can be exploited by remote attackers to crash the kernel via a crafted compressed file (improper tables). The connected advisories confirm this vulnerability across multiple distribution...
CVE-2004-0186
CVE-2004-0186 is a local privilege-escalation in Samba (2.x/3.x) on Linux 2.6 where the setuid-smounted utility smbmnt can be exploited: when a setuid root binary is present on a mounted share, a local user can execute it to gain root privileges. The underlying issue is that setuid attributes are...
CVE-2004-1072
CVE-2004-1072 describes a vulnerability in the Linux kernel where the binfmt_elf loader (binfmt_elf.c) may create an interpreter name string that is not NULL terminated, allowing strings longer than PATH_MAX to be used. This can cause buffer overflows that may lead to a local denial of service (h...
CVE-2004-1070
Technical details (affected kernel versions, vulnerable component, impact, or remediation) are not publicly available in the provided documents. Monitor for updates.
CVE-2006-3468
CVE-2006-3468 affects the Linux kernel 2.6.x when NFS and EXT3 are used. A remote attacker can trigger a denial of service by sending a crafted UDP packet containing a V2 lookup procedure that specifies a bad file handle (inode number). This triggers an error and causes the exported directory to ...
CVE-2007-2876
CVE-2007-2876 affects Linux kernel SCTP Netfilter connection-tracking code (ip_conntrack_proto_sctp.c and nf_conntrack_proto_sctp.c). A remote attacker can trigger a denial of service by causing certain invalid SCTP states that lead to a NULL pointer dereference. Impact is a complete availability...
CVE-2007-5093
The CVE-2007-5093 issue affects the Linux kernel pwc (Philips USB Webcam) driver in 2.6.x up to 2.6.22.5, where disconnect relies on user space to close the device. This can allow a user-assisted local attacker to cause a denial of service (USB subsystem hang and khubd CPU usage) by not closing t...
CVE-2006-2444
CVE-2006-2444 affects the Linux kernel SNMP NAT Netfilter processing. The vulnerability in snmp_trap_decode (kernel = 2.6.16.18) or applying vendor patches where applicable. No additional exploitation details are provided in the documents.
CVE-2004-0814
CVE-2004-0814 describes race conditions in the Linux terminal layer (kernel 2.4.x and 2.6.x prior to 2.6.9). Root causes include a TIOCSETD ioctl race on a terminal interface accessed by multiple threads and a separate race when switching from console to PPP line discipline, which could allow loc...
CVE-2005-2490
CVE-2005-2490 describes a stack-based buffer overflow in the Linux kernel 2.6 sendmsg() path prior to 2.6.13.1. Local users could cause arbitrary code execution by calling sendmsg and altering message contents in another thread. Public sources in the connected documents corroborate the vulnerabil...
CVE-2006-1052
CVE-2006-1052 affects SELinux ptrace logic in SELinux for Linux 2.6.6. It allows local users with ptrace permissions to change the tracer SID to the SID of another process (local privilege impact). Public advisories (e.g., Debian DSA-1184-1/DSA-1184-2 and RHSA-2006:0575) indicate kernel updates m...
CVE-2006-5823
CVE-2006-5823 is a Linux kernel issue affecting the cramfs file system in 2.6.x where malformed compressed data can trigger memory corruption, leading to a local-denial crash. Connected advisories (RHSA-2007:0436, RHSA-2007:0014, and corresponding openvas entries) enumerate the cramfs memory corr...
CVE-2004-1137
CVE-2004-1137 affects the Linux kernel 2.4.x (2.4.22–2.4.28) and 2.6.x (up to 2.6.9). The flaws are in IGMP handling (ip_mc_source decrements a counter to -1; igmp_marksources may perform an out-of-bounds read), allowing local or remote attackers to cause denial of service or potentially execute ...
CVE-2005-0178
CVE-2005-0178 describes a race condition in the setsid() handling of the Linux kernel before 2.6.8.1. Local users could crash the kernel and potentially access portions of kernel memory related to TTY changes, locking, and semaphores. Affected software: Linux kernel versions prior to 2.6.8.1 (per...
CVE-2005-0504
CVE-2005-0504 is a buffer overflow in the MoxaDriverIoctl function of the MOXA serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x prior to 2.6.22. This vulnerability could allow a local unprivileged user to execute arbitrary code via a modified length value. The CVE is referenced in multiple...
CVE-2005-1768
The CVE-2005-1768 issue is a race condition in the Linux kernel’s IA32 (x86) compatibility execve() handling, affecting amd64/Intel EM64T and Itanium platforms. A concurrent thread can increment a pointer count after nargs has counted pointers but before copying from user space to kernel space, l...
CVE-2004-0685
The CVE-2004-0685 issue affects Linux kernel 2.4 USB drivers that use copy_to_user on uninitialized structures, enabling local attackers to read memory not cleared from prior usage and potentially leak sensitive information. The description specifies local/partial impacts on confidentiality and i...
CVE-2006-3741
CVE-2006-3741 concerns the perfmonctl (sys_perfmonctl) system call in Linux kernels 2.4.x and 2.6.x prior to 2.6.18 on Itanium. The issue is an improper reference-count accounting for file descriptors, which can allow local users to exhaust file descriptors and cause a denial of service. The desc...
CVE-2005-0815
CVE-2005-0815 affects the Linux kernel iso9660 filesystem handler in versions up to 2.6.11 (and earlier). The issue is described as multiple range-checking flaws in the ISO-9660 file system code, which could be triggered by mounting a crafted/corrupted ISO image on CD-ROM. Impact stated in connec...
CVE-2005-3359
CVE-2005-3359 affects Linux kernel 2.6.x (atm module) where certain socket calls can produce inconsistent references counts on loadable protocol modules, enabling a local user to trigger a denial of service (panic). Publicly documented in Debian/DSA-1103-1 and Red Hat/CESA-RHSA-2006:0493 style ad...
CVE-2005-3660
CVE-2005-3660 affects the Linux kernel 2.4.x and 2.6.x. The vulnerability occurs when a process creates a large number of connected file descriptors or socketpairs and uses a large data transfer buffer, which can exhaust memory and cause a kernel panic or denial of service. The underlying issue c...
CVE-2006-1856
CVE-2006-1856 is a confirmed issue in the Linux kernel up to 2.6.8 where the readv and writev LSM hooks could be bypassed due to a missing file_permission check. The Debian advisory DSA-1184-2 and related distributions (e.g., Ubuntu USN-302-1) document this as one of several vulnerabilities fixed...
CVE-2005-2555
CVE-2005-2555 affects the Linux kernel 2.6.x line. The issue is that socket policy access is not properly restricted to users with the CAP_NET_ADMIN capability, potentially allowing local users to perform unauthorized activities. The vulnerability is associated with the IPv4 and IPv6 socket glue ...
CVE-2005-4811
CVE-2005-4811 concerns the Linux 2.6 kernel hugepage code (hugetlb.c). In certain configurations, a local user could trigger an mmap error before a prefault, causing an error in unmap_hugepage_area and potentially crash the system (local DoS). The connected advisories confirm this as a kernel fla...
CVE-2006-1528
CVE-2006-1528 affects the Linux kernel prior to 2.6.13. The vulnerability arises in the sg (SCSI generic) driver’s handling of memory-mapped I/O space during a dio transfer, allowing a local user to trigger a crash ( Denial of Service ). The connected documents confirm the issue is located in the...
CVE-2006-2071
CVE-2006-2071 affects Linux kernels 2.4.x and 2.6.x up to 2.6.16. It arises from a flaw in the mprotect handling that allowed a local user to grant write permission to a read-only attachment of a shared memory segment, bypassing IPC permissions and enabling modification of the attachment. Reporte...
CVE-2006-2448
Concrete details found: CVE-2006-2448 affects the Linux kernel on PowerPC, specifically versions before 2.6.16.21 and 2.6.17. The root cause is missing access_ok checks in PowerPC signal handling (signal_64.c, potentially signal_32.c). Impact as stated: local users could read arbitrary kernel mem...
CVE-2006-5757
CVE-2006-5757 is a local privilege vulnerability in the Linux kernel (2.6.x) related to the __find_get_block_slow function within the ISO9660 filesystem. The issue allows a local user to trigger a denial of service (infinite loop) by mounting a crafted ISO9660 image containing malformed data stru...
CVE-2004-1056
CVE-2004-1056 involves the Direct Rendering Manager (DRM) drivers in Linux kernel 2.6. It is caused by insufficient DMA lock checking, which could allow an authorized client to send arbitrary values to the video card, potentially causing an X server crash or modifying the video output. The vulner...
CVE-2006-0744
CVE-2006-0744 affects the Linux kernel before 2.6.16.5. The issue arises from handling uncanonical return addresses on Intel EM64T CPUs, where an exception is reported in SYSRET instead of the next instruction, causing the kernel exception handler to run on the user stack with an incorrect GS. Im...
CVE-2007-6694
CVE-2007-6694 : A NULL pointer dereference in the CHRP PowerPC kernel code (chrp_show_cpuinfo in setup.c) may be triggered when of_get_property fails, potentially enabling a local denial-of-service (crash) on Linux kernel 2.4.21–2.6.18-53 running on PowerPC. Connected advisories (RHSA/ELSA) indic...
CVE-2004-1237
CVE-2004-1237 : A vulnerability in the system call filtering code of the Red Hat Enterprise Linux 3 audit subsystem could allow a local user to cause a denial of service (system crash) when auditing is enabled. The issue is addressed in the Red Hat kernel security advisory RHSA-2005:043, which up...
CVE-2005-3044
CVE-2005-3044 affects the Linux kernel prior to 2.6.13.2. Vulnerabilities arise from (1) fput in a 32-bit ioctl on 64-bit x86 systems and (2) sockfd_put in the 32-bit routing_ioctl function on 64-bit systems, enabling local attackers to trigger a kernel OOPS and cause a denial of service. Remedia...
CVE-2006-1066
CVE-2006-1066 is tied to the Linux kernel prior to 2.6.16 on x86_64 with preemption enabled. The vulnerability allows a local attacker to trigger a denial of service (oops) by using multiple ptrace tasks performing single steps, which can cause corruption of the DEBUG_STACK stack during the do_de...
CVE-2004-1016
CVE-2004-1016 affects the Linux kernel (2.4.x up to 2.4.28 and 2.6.x up to 2.6.9) where the scm_send function in the kernel SCM layer can be triggered by local users. By crafting auxiliary messages passed to sendmsg, this can lead to a deadlock and a system hang (denial of service). Public record...
CVE-2005-2459
CVE-2005-2459 affects the Linux kernel prior to 2.6.12.5, where the huft_build function in inflate.c of the zlib routines returns the wrong value. This bug allows remote attackers to crash the kernel via a specially crafted compressed file, causing a null pointer dereference (a denial of service)...
CVE-2005-2492
CVE-2005-2492 affects the Linux kernel 2.6 series prior to 2.6.13.1. The raw_sendmsg function can be exploited by a local user to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input. Documented in multiple advisories (e.g., Mandriva MDKSA-2005:235; SU...