Linux Kernel Security Vulnerabilities and Issues — Linux Kernel CVE List

Lucene search

LinuxLinux Kernel

7 matches found

CVE•added 2009/07/16 3:30 p.m.•107 views

CVE-2009-1895

The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduc...

7.2CVSS5.5AI score0.0006EPSS

CVE•added 2009/07/31 7:0 p.m.•106 views

CVE-2009-2406

Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related t...

6.9CVSS5.9AI score0.00252EPSS

CVE•added 2009/07/31 7:0 p.m.•87 views

CVE-2009-2407

Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to ...

6.9CVSS5.9AI score0.00281EPSS

CVE•added 2009/07/20 5:30 p.m.•63 views

CVE-2009-1897

The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a differen...

6.9CVSS7.1AI score0.03337EPSS

CVE•added 2009/07/05 4:30 p.m.•62 views

CVE-2009-1388

The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping thread.

5.5CVSS5AI score0.00059EPSS

CVE•added 2009/07/01 1:0 p.m.•55 views

CVE-2009-2287

The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL p...

4.9CVSS6.8AI score0.00064EPSS

CVE•added 2009/07/23 8:30 p.m.•43 views

CVE-2009-2584

Off-by-one error in the options_write function in drivers/misc/sgi-gru/gruprocfs.c in the SGI GRU driver in the Linux kernel 2.6.30.2 and earlier on ia64 and x86 platforms might allow local users to overwrite arbitrary memory locations and gain privileges via a crafted count argument, which trigger...

7.2CVSS7.3AI score0.00072EPSS