Lucene search
+L

17 matches found

CVE
CVE
added 2012/08/09 10:0 a.m.143 views

CVE-2012-2136

CVE-2012-2136 affects the Linux kernel prior to 3.4.5. The sock_alloc_send_pskb function does not properly validate a length value, enabling a local user to trigger a heap-based overflow that can crash the system or potentially gain privileges via access to a TUN/TAP device. Affected software is ...

7.2CVSS7.7AI score0.00583EPSS
CVE
CVE
added 2012/10/03 10:0 a.m.134 views

CVE-2012-3412

CVE-2012-3412 affects the sfc (Solarflare Solarstorm) driver in the Linux kernel, specifically versions before 3.2.30. The vulnerability allows remote attackers to trigger a denial of service by sending crafted TCP packets that induce a small MSS value, leading to DMA descriptor consumption and n...

7.8CVSS6AI score0.06158EPSS
CVE
CVE
added 2012/06/13 10:0 a.m.130 views

CVE-2012-2375

CVE-2012-2375 affects the Linux kernel NFSv4 implementation where __nfs4_get_acl_uncached in fs/nfs/nfs4proc.c uses an incorrect length variable during a copy, enabling remote NFS servers to trigger a denial of service (OOPS) by sending excessive bitmap words in an FATTR4_ACL reply. Affected are ...

4.6CVSS7.7AI score0.00979EPSS
CVE
CVE
added 2012/07/03 4:0 p.m.124 views

CVE-2011-4086

The CVE-2011-4086 vulnerability affects the Linux kernel prior to 3.3.1, where journal_unmap_buffer in fs/jbd2/transaction.c mishandles _Delay and _Unwritten journal buffer head states. This can crash the system (local DoS) when an ext4 filesystem is mounted with a journal. Remediation: upgrade t...

4.9CVSS6AI score0.00391EPSS
CVE
CVE
added 2012/10/03 10:0 a.m.123 views

CVE-2012-3511

The CVE-2012-3511 entry maps to the Linux kernel issue in mm/madvise.c: madvise_remove contains race conditions that can be exploited locally to trigger use-after-free and kernel crash, resulting in denial of service via munmap or close. Affected lineage includes kernels before 3.4.5; patches add...

6.2CVSS6.8AI score0.00376EPSS
CVE
CVE
added 2012/06/13 10:0 a.m.121 views

CVE-2012-2313

The CVE-2012-2313 issue affects the Linux kernel up to version 3.3.7, where rio_ioctl in drivers/net/ethernet/dlink/dl2k.c does not restrict access to the SIOCSMIIREG ioctl. This allows local attackers to write data to an Ethernet adapter via an ioctl call. The vulnerability is rooted in insuffic...

1.2CVSS5.5AI score0.00556EPSS
CVE
CVE
added 2012/07/03 4:0 p.m.114 views

CVE-2012-2133

The CVE-2012-2133 issue is a use-after-free in the Linux kernel before 3.3.6 involving hugetlbfs when huge pages are enabled. A local user could crash the system or potentially escalate privileges by interacting with quota data during a umount operation, due to improper handling of quota data in ...

4CVSS5.5AI score0.00345EPSS
CVE
CVE
added 2012/12/21 11:0 a.m.114 views

CVE-2012-4508

CVE-2012-4508 is a race condition in the Linux kernel's ext4 extents handling (fs/ext4/extents.c) that, before version 3.4.16, allows a local unprivileged user to read data from a deleted file by reading an extent that isn’t properly marked uninitialized. The issue is fixed in the 3.4.16 update (...

1.9CVSS5.3AI score0.00285EPSS
CVE
CVE
added 2012/05/17 10:0 a.m.108 views

CVE-2012-1179

CVE-2012-1179 affects the Linux kernel prior to 3.3.1 when KVM is used: guest OS users can trigger a host OS denial of service (host crash) via page faults related to huge pages in pmd_none_or_clear_bad. MiracleLinux and related advisories reference this CVE among fixes in kernel updates before/a...

5.2CVSS7.1AI score0.00607EPSS
CVE
CVE
added 2012/05/17 10:0 a.m.106 views

CVE-2012-2123

CVE-2012-2123 affects the Linux kernel up to version 3.3.3, where cap_bprm_set_creds in security/commoncap.c mishandles file-system capabilities (fcaps) for implementing a privileged executable. This can let local users bypass personality restrictions via a crafted application, demonstrated by an...

7.2CVSS5.7AI score0.00418EPSS
Web
CVE
CVE
added 2012/12/21 11:0 a.m.102 views

CVE-2012-0957

CVE-2012-0957 affects the Linux kernel prior to 3.4.16. The override_release function in kernel/sys.c can let a local user leak kernel stack memory by calling uname with the UNAME26 personality. This is a local-privilege scenario; no remote vector is described in the provided documents. Affected ...

4.9CVSS6.7AI score0.00959EPSS
CVE
CVE
added 2012/06/13 10:0 a.m.95 views

CVE-2012-2383

CVE-2012-2383 affects the Linux kernel DRM/i915 component: an integer overflow in i915_gem_execbuffer2() within drivers/gpu/drm/i915/i915_gem_execbuffer.c. On 32-bit platforms and prior to kernel 3.3.5, this allows a local user to trigger an out-of-bounds write via a crafted ioctl, leading to a p...

4.9CVSS6.7AI score0.00458EPSS
CVE
CVE
added 2012/12/21 11:0 a.m.90 views

CVE-2012-5517

CVE-2012-5517 is referenced in multiple advisories. The connected documents confirm a vulnerability in the Linux kernel before 3.6 where the online_pages function in mm/memory_hotplug.c can be abused by local users to cause a denial of service via a NULL pointer dereference when memory hot-added ...

4CVSS7.4AI score0.00387EPSS
CVE
CVE
added 2012/08/09 10:0 a.m.89 views

CVE-2012-2745

CVE-2012-2745 affects the Linux kernel prior to 3.3.2. The copy_creds function in kernel/cred.c may provide an invalid replacement session keyring to a child process, allowing local users to cause a denial of service (panic) via a crafted fork. Affected: Linux kernel

4.7CVSS6.6AI score0.0038EPSS
CVE
CVE
added 2012/12/27 11:0 a.m.86 views

CVE-2012-5532

The CVE-2012-5532 issue exists in the Linux kernel hypervkvpd hv_kvp_daemon: the main function in tools/hv/hv_kvp_daemon.c allows a local user to trigger a denial of service (daemon exit) via a crafted Netlink message. It is noted as a consequence of an incorrect fix for CVE-2012-2669, and a patc...

4.9CVSS5.7AI score0.00407EPSS
CVE
CVE
added 2012/06/13 10:0 a.m.83 views

CVE-2012-2384

CVE-2012-2384 : Integer overflow in i915_gem_do_execbuffer (drivers/gpu/drm/i915/i915_gem_execbuffer.c) of the Linux kernel before 3.3.5 on 32-bit platforms. Local users may trigger an out-of-bounds write via a crafted ioctl, causing denial of service (and possibly other impact). Affected: DRM/i9...

4.9CVSS5.9AI score0.00357EPSS
CVE
CVE
added 2012/10/10 9:0 p.m.58 views

CVE-2012-4467

The vulnerability CVE-2012-4467 affects the Linux kernel (pre-3.5.4). The affected code paths are the do_siocgstamp and do_siocgstampns functions in net/socket.c, which use an incorrect argument order, enabling local users to either read sensitive kernel memory or trigger a denial of service (sys...

6.6CVSS6.2AI score0.00489EPSS