Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
LinuxLinux Kernel3.3.1

119 matches found

CVE
CVEadded 2013/09/16 1:1 p.m.80 views

CVE-2013-2895

drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or obtain sensitive information from kernel me...

5.4CVSS6.1AI score0.00069EPSS
CVE
CVEadded 2013/11/04 3:55 p.m.80 views

CVE-2013-4483

The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application.

4.9CVSS5.3AI score0.00092EPSS
CVE
CVEadded 2012/07/03 4:40 p.m.79 views

CVE-2012-2133

Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of...

4CVSS5.5AI score0.0008EPSS
CVE
CVEadded 2013/03/15 8:55 p.m.78 views

CVE-2012-6537

net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.

1.9CVSS5.6AI score0.0008EPSS
CVE
CVEadded 2013/03/01 12:37 p.m.78 views

CVE-2013-0228

The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel before 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly handle an invalid value in the DS segment register, which allows guest OS users to gain guest OS privileges via a crafted application.

6.2CVSS6.5AI score0.00091EPSS
CVE
CVEadded 2014/01/06 4:55 p.m.78 views

CVE-2013-7269

The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, o...

4.9CVSS4.7AI score0.00048EPSS
CVE
CVEadded 2014/05/26 10:55 p.m.77 views

CVE-2012-6647

The futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a craf...

4.9CVSS6.6AI score0.00046EPSS
CVE
CVEadded 2014/01/06 4:55 p.m.77 views

CVE-2013-7267

The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, o...

4.9CVSS4.7AI score0.00046EPSS
CVE
CVEadded 2014/01/06 4:55 p.m.77 views

CVE-2013-7271

The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3)...

4.9CVSS4.7AI score0.00048EPSS
CVE
CVEadded 2013/03/15 8:55 p.m.76 views

CVE-2012-6547

The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

1.9CVSS6.1AI score0.00019EPSS
CVE
CVEadded 2013/12/09 6:55 p.m.76 views

CVE-2013-2930

The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application.

3.6CVSS5.9AI score0.00023EPSS
CVE
CVEadded 2013/11/20 1:19 p.m.76 views

CVE-2013-4592

Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots.

4CVSS7.7AI score0.00043EPSS
CVE
CVEadded 2013/02/18 4:41 a.m.75 views

CVE-2013-0160

The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.

2.1CVSS5.6AI score0.00231EPSS
CVE
CVEadded 2013/02/18 4:41 a.m.75 views

CVE-2013-0217

Memory leak in drivers/net/xen-netback/netback.c in the Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (memory consumption) by triggering certain error conditions.

5.2CVSS5.8AI score0.00232EPSS
CVE
CVEadded 2013/04/29 2:55 p.m.75 views

CVE-2013-1928

The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb d...

4.7CVSS5.5AI score0.00077EPSS
CVE
CVEadded 2013/11/12 2:35 p.m.75 views

CVE-2013-4515

The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call.

4.9CVSS6.7AI score0.00042EPSS
CVE
CVEadded 2013/02/22 12:55 a.m.74 views

CVE-2013-0310

The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call.

6.6CVSS5.9AI score0.00044EPSS
CVE
CVEadded 2013/02/18 4:41 a.m.72 views

CVE-2012-4398

The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application.

4.9CVSS5.4AI score0.0009EPSS
CVE
CVEadded 2013/02/18 4:41 a.m.72 views

CVE-2012-4530

The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

2.1CVSS6.7AI score0.00362EPSS
CVE
CVEadded 2013/03/15 8:55 p.m.72 views

CVE-2012-6544

The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation.

1.9CVSS5.5AI score0.00076EPSS
CVE
CVEadded 2012/12/21 11:47 a.m.70 views

CVE-2012-0957

The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality.

4.9CVSS6.7AI score0.00371EPSS
CVE
CVEadded 2013/03/15 8:55 p.m.70 views

CVE-2012-6540

The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

1.9CVSS5.5AI score0.00058EPSS
CVE
CVEadded 2013/02/18 4:41 a.m.70 views

CVE-2013-0216

The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption.

5.2CVSS5.7AI score0.00076EPSS
CVE
CVEadded 2013/07/15 8:55 p.m.70 views

CVE-2013-4125

The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement (RA) messages in certain circumstances involving three routes that initially qualified for membership in an ECMP route set until a change occurred f...

5.4CVSS5.8AI score0.01428EPSS
CVE
CVEadded 2013/11/12 2:35 p.m.70 views

CVE-2013-4514

Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_ui...

4.7CVSS7.5AI score0.00045EPSS
CVE
CVEadded 2013/03/15 8:55 p.m.69 views

CVE-2012-6549

The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.

1.9CVSS5.4AI score0.00034EPSS
CVE
CVEadded 2013/12/09 6:55 p.m.69 views

CVE-2013-4270

The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application.

3.6CVSS5.7AI score0.00044EPSS
CVE
CVEadded 2013/11/20 1:19 p.m.69 views

CVE-2013-4591

Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended at...

6.2CVSS7.8AI score0.00062EPSS
CVE
CVEadded 2013/12/09 6:55 p.m.69 views

CVE-2013-7027

The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header.

6.1CVSS6.7AI score0.00371EPSS
CVE
CVEadded 2013/02/22 12:55 a.m.68 views

CVE-2013-0309

arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial of service (system crash) via a crafted application.

4.7CVSS5.6AI score0.00048EPSS
CVE
CVEadded 2013/02/22 12:55 a.m.68 views

CVE-2013-0313

The evm_update_evmxattr function in security/integrity/evm/evm_crypto.c in the Linux kernel before 3.7.5, when the Extended Verification Module (EVM) is enabled, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via...

6.2CVSS6.7AI score0.00044EPSS
CVE
CVEadded 2013/12/14 6:8 p.m.68 views

CVE-2013-6376

The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode.

5.2CVSS5.8AI score0.00146EPSS
CVE
CVEadded 2012/06/13 10:24 a.m.67 views

CVE-2012-2383

Integer overflow in the i915_gem_execbuffer2 function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platforms allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified...

4.9CVSS6.7AI score0.00064EPSS
CVE
CVEadded 2013/12/09 6:55 p.m.67 views

CVE-2013-6431

The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before 3.11.5 does not properly implement error-code encoding, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for an IPv6 SIOCADDRT ioctl cal...

4.7CVSS6.7AI score0.00045EPSS
CVE
CVEadded 2013/03/15 8:55 p.m.66 views

CVE-2012-6539

The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

1.9CVSS5.4AI score0.00058EPSS
CVE
CVEadded 2013/09/16 1:1 p.m.66 views

CVE-2013-2894

drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.

4.7CVSS5.7AI score0.0007EPSS
CVE
CVEadded 2013/12/09 6:55 p.m.66 views

CVE-2013-7026

Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted application that uses shmctl IPC_RMID operations in conjunction with other shm system call...

4.7CVSS7.7AI score0.00011EPSS
CVE
CVEadded 2012/12/21 11:47 a.m.65 views

CVE-2012-5517

The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator...

4CVSS7.4AI score0.00043EPSS
CVE
CVEadded 2013/09/16 1:1 p.m.65 views

CVE-2013-2898

drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device.

1.9CVSS6.7AI score0.00063EPSS
CVE
CVEadded 2012/06/13 10:24 a.m.64 views

CVE-2012-2384

Integer overflow in the i915_gem_do_execbuffer function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platforms allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecifi...

4.9CVSS5.9AI score0.00064EPSS
CVE
CVEadded 2013/09/25 10:31 a.m.64 views

CVE-2013-2140

The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka ...

3.8CVSS6.2AI score0.0013EPSS
CVE
CVEadded 2013/09/16 1:1 p.m.64 views

CVE-2013-2896

drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.

4.7CVSS5.9AI score0.00069EPSS
CVE
CVEadded 2013/03/15 8:55 p.m.63 views

CVE-2012-6541

The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

1.9CVSS6.1AI score0.00056EPSS
CVE
CVEadded 2013/03/15 8:55 p.m.63 views

CVE-2012-6546

The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

1.9CVSS5.4AI score0.00032EPSS
CVE
CVEadded 2013/03/15 8:55 p.m.63 views

CVE-2013-2548

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_N...

2.1CVSS5.3AI score0.00074EPSS
CVE
CVEadded 2013/02/18 11:56 a.m.62 views

CVE-2012-5375

The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with ...

4CVSS5.8AI score0.0008EPSS
CVE
CVEadded 2013/11/12 2:35 p.m.62 views

CVE-2013-4513

Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted write operation.

4.9CVSS8.6AI score0.00016EPSS
CVE
CVEadded 2013/11/12 2:35 p.m.62 views

CVE-2013-4516

The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.

4.9CVSS6.6AI score0.00039EPSS
CVE
CVEadded 2012/12/27 11:47 a.m.60 views

CVE-2012-5532

The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2...

4.9CVSS5.7AI score0.00096EPSS
CVE
CVEadded 2013/02/19 7:55 p.m.60 views

CVE-2013-0290

The __skb_recv_datagram function in net/core/datagram.c in the Linux kernel before 3.8 does not properly handle the MSG_PEEK flag with zero-length data, which allows local users to cause a denial of service (infinite loop and system hang) via a crafted application.

4.9CVSS5.9AI score0.00036EPSS
Total number of security vulnerabilities119