Linux Kernel Security Vulnerabilities and Issues — Linux Kernel CVE List

Lucene search

LinuxLinux Kernel

16 matches found

CVE•added 2006/01/03 4:0 p.m.•71 views

CVE-2005-4605

The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value.

2.1CVSS4.6AI score0.00985EPSS

CVE•added 2006/01/23 10:0 p.m.•66 views

CVE-2005-3356

The mq_open system call in Linux kernel 2.6.9, in certain situations, can decrement a counter twice ("double decrement") as a result of multiple calls to the mntput function when the dentry_open function call fails, which allows local users to cause a denial of service (panic) via unspecified attac...

2.1CVSS4.5AI score0.00068EPSS

CVE•added 2006/01/05 11:0 a.m.•59 views

CVE-2005-4618

Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows local users to corrupt user memory and possibly cause a denial of service via a long string, which causes sysctl to write a zero byte outside the buffer. NOTE: since the sysctl is called from a userland program that provides the...

3.6CVSS5.4AI score0.00139EPSS

CVE•added 2006/01/31 7:3 p.m.•57 views

CVE-2006-0482

Linux kernel 2.6.15.1 and earlier, when running on SPARC architectures, allows local users to cause a denial of service (hang) via a "date -s" command, which causes invalid sign extended arguments to be provided to the get_compat_timespec function call.

2.1CVSS5.1AI score0.00066EPSS

CVE•added 2006/01/06 11:3 a.m.•56 views

CVE-2006-0095

dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key.

2.1CVSS4.8AI score0.00132EPSS

CVE•added 2006/01/10 11:0 a.m.•50 views

CVE-2005-4639

Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/Card in Linux kernel 2.6.12 and other versions before 2.6.15 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by "reading more than 8 bytes into an 8 byte long array".

4.6CVSS7.4AI score0.00125EPSS

CVE•added 2006/01/06 11:3 a.m.•50 views

CVE-2006-0096

wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 does not require the CAP_SYS_RAWIO privilege for an SDLA firmware upgrade, with unknown impact and local attack vectors. NOTE: further investigation suggests that this issue requires root privileges to exploit, since it is prote...

7.2CVSS5.1AI score0.00053EPSS

CVE•added 2006/01/23 10:0 p.m.•49 views

CVE-2002-1571

The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.

2.1CVSS6.1AI score0.00075EPSS

CVE•added 2006/01/09 8:0 p.m.•49 views

CVE-2005-4351

The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running.

4.3CVSS6.5AI score0.00126EPSS

CVE•added 2006/01/27 10:0 p.m.•48 views

CVE-2002-1573

Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pcilynx.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors, related to "wrap handling."

10CVSS6.4AI score0.00437EPSS

CVE•added 2006/01/23 10:3 p.m.•48 views

CVE-2006-0037

ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows local users to cause a denial of service (memory corruption or crash) via a crafted outbound packet that causes an incorrect offset to be calculated from pointer arithmetic when no...

4.9CVSS6.3AI score0.00058EPSS

CVE•added 2006/01/27 10:0 p.m.•46 views

CVE-2002-1572

Signed integer overflow in the bttv_read function in the bttv driver (bttv-driver.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors.

10CVSS6.7AI score0.00437EPSS

CVE•added 2006/01/11 9:3 p.m.•43 views

CVE-2006-0035

The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.14 and 2.6.15 allows local users to cause a denial of service (infinite loop) via a nlmsg_len field of 0.

4.9CVSS6.1AI score0.00047EPSS

CVE•added 2006/01/09 11:0 a.m.•42 views

CVE-2005-4635

The nl_fib_input function in fib_frontend.c in the Linux kernel before 2.6.15 does not check for valid lengths of the header and payload, which allows remote attackers to cause a denial of service (invalid memory reference) via malformed fib_lookup netlink messages.

5CVSS6.6AI score0.01476EPSS

CVE•added 2006/01/23 10:3 p.m.•41 views

CVE-2006-0036

ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows remote attackers to cause a denial of service (memory corruption or crash) via an inbound PPTP_IN_CALL_REQUEST packet that causes a null pointer to be used in an offset calculation...

7.8CVSS6.8AI score0.01221EPSS

CVE•added 2006/01/09 8:0 p.m.•39 views

CVE-2005-4352

The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 19...

2.1CVSS6.3AI score0.00106EPSS