Linux Kernel Security Vulnerabilities and Issues — Linux Kernel CVE List

Lucene search

LinuxLinux Kernel

11 matches found

CVE•added 2012/10/03 11:2 a.m.•162 views

CVE-2011-1833

Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.

3.3CVSS6.7AI score0.00031EPSS

CVE•added 2012/10/03 11:2 a.m.•113 views

CVE-2012-3400

Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem.

7.6CVSS7.9AI score0.0748EPSS

CVE•added 2012/10/03 11:2 a.m.•96 views

CVE-2012-3412

The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value.

7.8CVSS6AI score0.05802EPSS

CVE•added 2012/10/03 11:2 a.m.•87 views

CVE-2011-3209

The div_long_long_rem implementation in include/asm-x86/div64.h in the Linux kernel before 2.6.26 on the x86 platform allows local users to cause a denial of service (Divide Error Fault and panic) via a clock_gettime system call.

4.9CVSS7.2AI score0.00168EPSS

CVE•added 2012/10/03 11:2 a.m.•84 views

CVE-2012-3375

The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a c...

4.9CVSS7.2AI score0.00182EPSS

CVE•added 2012/10/03 11:2 a.m.•81 views

CVE-2012-3430

The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket.

2.1CVSS5.1AI score0.00197EPSS

CVE•added 2012/10/04 3:28 a.m.•80 views

CVE-2012-3511

Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call.

6.2CVSS6.8AI score0.00066EPSS

CVE•added 2012/10/03 11:2 a.m.•71 views

CVE-2012-3552

Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic.

7.1CVSS5.4AI score0.02043EPSS

CVE•added 2012/10/03 11:2 a.m.•60 views

CVE-2012-3510

Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command.

5.6CVSS6.8AI score0.0009EPSS

CVE•added 2012/10/03 11:2 a.m.•59 views

CVE-2012-3520

The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager.

1.9CVSS6.8AI score0.00062EPSS

CVE•added 2012/10/10 9:55 p.m.•47 views

CVE-2012-4467

The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a crafted ioctl call.

6.6CVSS6.2AI score0.00049EPSS