Linux Kernel Security Vulnerabilities and Issues — Linux Kernel CVE List

Lucene search

LinuxLinux Kernel

9 matches found

CVE•added 2009/04/27 6:0 p.m.•121 views

CVE-2009-1439

Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.

7.8CVSS4.8AI score0.02344EPSS

CVE•added 2009/04/24 3:30 p.m.•110 views

CVE-2009-1192

The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by re...

4.9CVSS4.4AI score0.0009EPSS

CVE•added 2009/04/22 3:30 p.m.•98 views

CVE-2009-1336

fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the encode_lookup function.

4.9CVSS4.3AI score0.00057EPSS

CVE•added 2009/04/22 3:30 p.m.•89 views

CVE-2009-1338

The kill_something_info function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in all namespaces, via ...

4.6CVSS4.2AI score0.00083EPSS

CVE•added 2009/04/22 3:30 p.m.•87 views

CVE-2009-1337

The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec syste...

4.4CVSS5.3AI score0.00298EPSS

CVE•added 2009/04/06 2:30 p.m.•74 views

CVE-2009-1242

The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Regist...

4.9CVSS4.2AI score0.00068EPSS

CVE•added 2009/04/08 1:30 a.m.•74 views

CVE-2009-1265

Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes "garbage" memory to be sent.

5CVSS4.2AI score0.02342EPSS

CVE•added 2009/04/22 3:30 p.m.•67 views

CVE-2009-1360

The __inet6_check_established function in net/ipv6/inet6_hashtables.c in the Linux kernel before 2.6.29, when Network Namespace Support (aka NET_NS) is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via vectors involving IPv6 packets.

7.1CVSS4.3AI score0.01773EPSS

CVE•added 2009/04/06 2:30 p.m.•51 views

CVE-2009-1243

net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an unlocking step in certain incorrect circumstances, which allows local users to cause a denial of service (panic) by reading zero bytes from the /proc/net/udp file and unspecified other files, related to the "udp seq_file infrastructure....

5.5CVSS5.2AI score0.00073EPSS