Linux Kernel Security Vulnerabilities and Issues — Linux Kernel CVE List

Lucene search

LinuxLinux Kernel

10 matches found

CVE•added 2014/07/03 4:22 a.m.•122 views

CVE-2014-4608

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO alg...

7.5CVSS5.7AI score0.08071EPSS

CVE•added 2014/07/03 4:22 a.m.•113 views

CVE-2014-4656

Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl...

4.6CVSS5.6AI score0.00075EPSS

CVE•added 2014/07/19 7:55 p.m.•110 views

CVE-2014-4943

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.

6.9CVSS6.3AI score0.01034EPSS

CVE•added 2014/07/03 4:22 a.m.•109 views

CVE-2014-4653

sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX acce...

4.6CVSS5.1AI score0.00066EPSS

CVE•added 2014/07/09 11:7 a.m.•107 views

CVE-2014-4699

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double f...

6.9CVSS6.1AI score0.01001EPSS

CVE•added 2014/07/03 4:22 a.m.•106 views

CVE-2014-4654

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and sys...

4.6CVSS5.7AI score0.00066EPSS

CVE•added 2014/07/03 4:22 a.m.•98 views

CVE-2014-4652

Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.

1.9CVSS5.6AI score0.00051EPSS

CVE•added 2014/07/03 4:22 a.m.•98 views

CVE-2014-4655

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX ...

4.9CVSS5.8AI score0.00038EPSS

CVE•added 2014/07/03 4:22 a.m.•92 views

CVE-2014-4667

The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.

5CVSS5.2AI score0.14138EPSS

CVE•added 2014/07/03 4:22 a.m.•91 views

CVE-2014-4611

Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption)...

5CVSS7.7AI score0.14397EPSS