67 matches found
CVE-2007-6206
CVE-2007-6206 affects the Linux kernel (2.4.x and 2.6.x up to 2.6.24-rc3). The issue lies in the do_coredump function in fs/exec.c, where the core dump file’s UID is not changed if a core dump already exists in the same location when a root-owned process dumps a core. This behavior could allow a ...
CVE-2007-3380
The CVE-2007-3380 vulnerability affects the Linux kernel 2.6.15 Distributed Lock Manager (DLM). A remote attacker who can connect to the DLM port can cause a denial of service, potentially blocking DLM operations and affecting lock services. Connected advisories (RHSA-2007:0940, RHBA-2007:0861, E...
CVE-2007-4573
CVE-2007-4573 - Linux kernel IA32 system call emulation on x86_64 : A flaw in IA32 emulation on 64-bit Linux kernels (2.4.x and 2.6.x up to 2.6.22.7) can allow a local unprivileged user to gain privileges by triggering an out-of-bounds access to the system call table via the %RAX register after t...
CVE-2007-2453
CVE-2007-2453 concerns the Linux kernel RNG. Affected: Linux kernel 2.6 before 2.6.20.13 and 2.6.21.x before 2.6.21.4. Root cause: the entropy pool was not properly seeded when no entropy source, and entropy was extracted using an incorrect cast, which might cause the RNG to produce identical val...
CVE-2007-4567
CVE-2007-4567 affects the Linux kernel (ipv6_hop_jumbo in net/ipv6/exthdrs.c). The vulnerability arises from improper validation of the hop-by-hop IPv6 extended header, enabling remote attackers to trigger a denial of service via a crafted IPv6 packet that can cause a NULL pointer dereference and...
CVE-2007-3104
The vulnerability CVE-2007-3104 affects the Linux kernel 2.6 in use by RHEL 4.5 and similar distros, where sysfs_readdir can dereference a NULL inode in a dentry, causing a kernel OOPS (local access). This denial-of-service risk is described in multiple advisories, with confirmed references to th...
CVE-2007-1357
Technical details about CVE-2007-1357 are not provided in the connected documents; no affected products, root cause, or fixes are listed here. Monitor for updates.
CVE-2007-5966
CVE-2007-5966 is a Linux kernel local privilege escalation: integer overflow in hrtimer_start (kernel/hrtimer.c) before 2.6.23.10 allows local users to run arbitrary code or cause a denial of service via a large relative timeout. Affected: Linux kernel versions prior to 2.6.23.10. Remediation: up...
CVE-2007-2172
CVE-2007-2172 affects the Linux kernel 2.6 (before 2.6.21-rc6) and 2.4 (before 2.4.35). A typo causes RTA_MAX to be used as an array size instead of RTN_MAX, leading to out-of-bounds access in dn_fib_props (dn_fib.c, DECNet) and fib_props (fib_semantics.c, IPv4). Connected advisories corroborate ...
CVE-2007-4997
CVE-2007-4997 affects the Linux kernel 2.6.x, including components in net/ieee80211/ieee80211_rx.c, where an off-by-two integer underflow in ieee80211_rx can crash the kernel when a runt IEEE 802.11 frame with the IEEE80211_STYPE_QOS_DATA flag is used. Impact is remote denial of service (kernel c...
CVE-2007-2878
CVE-2007-2878: VFAT compat ioctl handling in 64-bit Linux kernels before 2.6.21.2 allows a local user to corrupt a kernel_dirent structure and cause a denial of service (system crash). The issue is documented across multiple advisories (RHSA/CESA, Oracle Linux, CentOS, OpenVAS) and is addressed b...
CVE-2007-6063
CVE-2007-6063 is referenced in MiracleLinux AXSA-2008-150:05 as a fix for a possible isdn_net buffer overflow in the Linux kernel, specifically related to isdn_net_setcfg. The connected advisory notes the kernel vulnerability affects Miracl eLinux 3.x with kernel-2.6.18-53.11AXS3 and lists CVE-20...
CVE-2006-5755
CVE-2006-5755 affects the Linux kernel on x86_64 where, during a context switch, EFLAGS were not properly saved/restored. This can allow a local user to trigger a denial-of-service crash by causing SYSENTER to set an NT flag, which may crash on the IRET of the next task. The vulnerability is docu...
CVE-2006-6921
CVE-2006-6921 is an in-kernel local denial-of-service vulnerability where a zombie/p wedged process could be created if a parent died and init could not reap it. It is referenced across multiple advisories (e.g., RHSA-2007-0939, ELSA-2008-0154, CESAs) and Linux distributions have patched the kern...
CVE-2007-2876
CVE-2007-2876 affects Linux kernel SCTP Netfilter connection-tracking code (ip_conntrack_proto_sctp.c and nf_conntrack_proto_sctp.c). A remote attacker can trigger a denial of service by causing certain invalid SCTP states that lead to a NULL pointer dereference. Impact is a complete availability...
CVE-2007-1592
The CVE-2007-1592 vulnerability affects the Linux kernel (2.6.x up to 2.6.21-rc3) in net/ipv6/tcp_ipv6.c, where ipv6_fl_socklist is inadvertently shared from a listening IPv6 socket to child sockets. This can allow a local user to cause a denial of service (OOPS) or a double free by attaching a f...
CVE-2007-3843
The CVE-2007-3843 issue affects the Linux kernel (pre-2.6.23-rc1) CIFS handling: the mount option sec= is checked against the wrong global variable, which could allow remote attackers to spoof CIFS network traffic intended to be signed with security signatures (e.g., lack of signing despite sec=n...
CVE-2007-5093
The CVE-2007-5093 issue affects the Linux kernel pwc (Philips USB Webcam) driver in 2.6.x up to 2.6.22.5, where disconnect relies on user space to close the device. This can allow a user-assisted local attacker to cause a denial of service (USB subsystem hang and khubd CPU usage) by not closing t...
CVE-2007-6151
CVE-2007-6151 affects the Linux kernel ISDN subsystem (ISDN ioctl path). The description in the Initial document states a local user can trigger a denial-of-service via a crafted ioctl struct where iocts is not null-terminated, causing a buffer overflow in isdn_common.c. Connected documents (RHSA...
CVE-2007-3740
CVE-2007-3740 describes a flaw in the CIFS filesystem of the Linux kernel prior to 2.6.22 where Unix extension support can fail to honor the process umask, enabling a local user to gain privileges. Affected are kernels with CIFS Unix extensions enabled; impact is local privilege escalation. Remed...
CVE-2007-3848
CVE-2007-3848 affects the Linux kernel (notably 2.4.35 and other versions) by allowing a local user to send arbitrary signals to a higher-privilege child process via a setuid-root parent dying and delivering an attacker-controlled death signal (PR_SET_PDEATHSIG). The issue is listed in advisories...
CVE-2007-1496
CVE-2007-1496 affects nfnetlink_log in the Linux kernel prior to 2.6.20.3. The issue is triggered via netfilter’s nfnetlink path (nfulnl_recv_config) when handling netlink messages, including cases with multiple packets per netlink message and bridged packets, leading to a NULL pointer dereferenc...
CVE-2007-2875
CVE-2007-2875 concerns an Integer underflow in cpuset_tasks_read of the Linux kernel when the cpuset filesystem is mounted. The issue affects kernels prior to 2.6.20.13 and 2.6.21.x prior to 2.6.21.4, allowing a local attacker to read kernel memory contents by supplying a large offset while readi...
CVE-2007-3642
The vulnerability CVE-2007-3642 affects the Linux kernel and is tied to the decode_choice function in nf_conntrack_h323_asn1.c. It allows remote attackers to trigger a denial of service (crash) by providing an encoded, out-of-range index for a choice field, causing a NULL pointer dereference. Aff...
CVE-2007-3105
CVE-2007-3105 affects the Linux kernel before 2.6.22, where a stack-based buffer overflow in the RNG can be triggered by setting the default wakeup threshold larger than the output pool size. This may allow local root users to cause a denial of service or gain privileges due to the pool transfer ...
CVE-2007-4571
CVE-2007-4571 affects the ALSA portion of the Linux kernel before 2.6.22.8. The snd_mem_proc_read function in sound/core/memalloc.c does not return the correct write size, enabling a local user to read kernel memory contents via a small count argument (demonstrated by reading /proc/driver/snd-pag...
CVE-2007-5500
The CVE-2007-5500 issue is described in connected documents as a vulnerability in the Linux kernel (2.6.x) where the wait_task_stopped routine checks a TASK_TRACED bit instead of exit_state. This could allow a local unprivileged user to cause a denial of service (machine crash) via unspecified ve...
CVE-2006-7203
CVE-2006-7203 affects the Linux kernel 2.6.20 and earlier, via compat_sys_mount in fs/compat.c. When mounting a smbfs filesystem in compatibility mode (mount -t smbfs), a local user can trigger a NULL pointer dereference (and oops), leading to denial of service. Publicly documented references (RH...
CVE-2007-5904
The CVE-2007-5904 issue is a kernel vulnerability in the CIFS VFS of the Linux 2.6.23 and earlier kernels. It involves multiple buffer overflows triggered by long SMB responses in the SendReceive function, enabling a remote attacker to cause a crash and, potentially, arbitrary code execution. Pub...
CVE-2007-0771
CVE-2007-0771 concerns the Linux kernel utrace support (notably in 2.6.18 and related 2.6.x lines) where local attackers can trigger a DoS via a race/spin failure between utrace_attach and related code paths when using ptrace (as exemplified by the ptrace-thrash scenario). The vulnerability manif...
CVE-2007-3731
CVE-2007-3731 affects the Linux kernel 2.6.20/2.6.21. The vulnerability arises from handling an invalid LDT segment selector in %cs during ptrace single-step operations, enabling a local user to trigger a NULL pointer dereference and an OOPS, via PTRACE_SETREGS and PTRACE_SINGLESTEP (TRACE_IRQS_O...
CVE-2007-0958
CVE-2007-0958 : In Linux kernel 2.6.x before 2.6.20, local users can read unreadable binaries by abusing the PT_INTERP interpreter mechanism, triggering a core dump. This is a local-privilege issue; the described impact is to read binaries via core-dump behavior. According to the changelog refere...
CVE-2007-1861
CVE-2007-1861 affects the Linux kernel prior to 2.6.20.8. The nl_fib_lookup function in net/ipv4/fib_frontend.c can be triggered by NETLINK_FIB_LOOKUP replies, causing infinite recursion and a stack overflow that leads to a kernel panic (denial of service). Open sources in the connected data conf...
CVE-2007-2525
CVE-2007-2525 : Memory leak in the Linux kernel PPPoE socket implementation allows a local user to cause a denial of service by creating a socket with connect and releasing it before PPPIOCGCHAN is initialized. Affected: Linux kernel before 2.6.21-git8. Impact: memory consumption leading to DoS. ...
CVE-2007-4133
CVE-2007-4133 affects the Linux kernel prior to 2.6.19-rc4. The vulnerability lies in the hugetlbfs code: the functions hugetlb_vmtruncate_list and hugetlb_vmtruncate in fs/hugetlbfs/inode.c perform prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, enabling a local user to trigg...
CVE-2006-5753
The CVE-2006-5753 issue concerns the Linux kernel: a flaw in the listxattr system call that can be exploited when a bad inode is present. Local users may cause a denial of service (data corruption) and potentially escalate privileges. Supported documents indicate this vulnerability was addressed ...
CVE-2007-0772
The CVE-2007-0772 entry applies to the Linux kernel 2.6.13 and earlier, with the issue fixed in 2.6.20.1. A crafted NFSACL 2 ACCESS request could trigger a free of an incorrect pointer, leading to a remote denial of service (oops). Affected versions before 2.6.20.1 are vulnerable; mitigation is t...
CVE-2007-2764
The CVE-2007-2764 entry concerns the embedded Linux kernel in certain Sun-Brocade SilkWorm switches prior to 20070516. The issue arises when a non-root user creates a kernel process, which can lead to a denial of service (kernel oops) and device reboot via unspecified vectors. The NVD entry assig...
CVE-2007-3851
CVE-2007-3851 affects the Linux kernel’s i915 DRM path on Intel 965-era chipsets. The flaw lets a local user with access to an X11 session and DRM write to arbitrary memory via a crafted batchbuffer, enabling privilege escalation. The issue is tied to the DRM/i915 driver before kernel 2.6.22.2. P...
CVE-2007-0006
The CVE-2007-0006 issue affects Linux kernels 2.6.9 through 2.6.20 in the key_alloc_serial code, where a fault in the key serial number collision avoidance can be triggered by a local user, leading to a crash via a NULL pointer dereference (local DoS). The vulnerability is documented across multi...
CVE-2007-1730
CVE-2007-1730 is a local kernel vulnerability due to an integer signedness error in the DCCP path (do_dccp_getsockopt) affecting Linux kernels 2.6.20 and later. The flaw allows a local user to read kernel memory or trigger a denial of service via a negative optlen. This is confirmed by Red Hat CV...
CVE-2007-1217
CVE-2007-1217 affects the ISDN CAPI subsystem in Linux kernel 2.6.9–2.6.20 and isdn4k-utils. A buffer overflow in capiutil.c’s bufprint function could allow a local user to crash the system and potentially gain privileges via a crafted CAPI packet. Exploitation requires ISDN frame access to the t...
CVE-2007-1000
The CVE-2007-1000 issue affects the Linux kernel up to version 2.6.20.2, where the ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c can trigger a NULL dereference through certain getsockopt calls, allowing local users to read arbitrary kernel memory. The vulnerability stems from a NULL...
CVE-2007-1353
CVE-2007-1353 affects the Linux kernel’s Bluetooth stack (L2CAP and HCI) and can allow a context-dependent attacker to read kernel memory via the copy_from_user call accessing an uninitialized stack buffer in the setsockopt pathway. The vulnerability is present in kernel versions prior to 2.4.34....
CVE-2007-3107
The CVE-2007-3107 entry concerns a flaw in the Linux kernel signal handling on PowerPC systems using HTX. The issue allows local users to cause a denial of service via floating point corruption and concurrency issues related to clearing MSR bits, as described in the initial document. Connected so...
CVE-2007-2451
CVE-2007-2451 refers to a vulnerability in GEODE-AES (drivers/crypto/geode-aes.c) within the Linux kernel, fixed in kernel version 2.6.21.3. The issue is described as an unspecified vulnerability that could allow attackers to obtain sensitive information via unspecified vectors. The Linux kernel ...
CVE-2006-5754
CVE-2006-5754 is a Linux kernel local vulnerability in the aio_setup_ring path where an incorrect initialization of nr_pages can lead to a local DoS (crash). The issue is described in multiple advisories and open‑source scanning feeds as part of a broader set of kernel flaws resolved by kernel up...
CVE-2007-3513
CVE-2007-3513 : In the Linux kernel, the lcd_write function in drivers/usb/misc/usblcd.c does not limit memory used by a caller, allowing a local user to exhaust memory and cause a denial of service. Affected until 2.6.22-rc7; remediation is upgrading to 2.6.22-rc7 or later where the issue is fix...
CVE-2007-3719
CVE-2007-3719 concerns the Linux kernel scheduler around version 2.6.16, which gives preference to “interactive” processes that perform voluntary sleeps. This bias can be exploited by a local user to trigger a denial of service via CPU consumption. The connected documents reiterate the vulnerabil...
CVE-2007-1497
CVE-2007-1497 affects the Linux kernel nf_conntrack netfilter code prior to 2.6.20.3. During IPv6 fragment reassembly, nfctinfo is not set, leaving the default IP_CT_ESTABLISHED and potentially allowing remote attackers to bypass certain netfilter rulesusing IPv6 fragments. The documented fix is ...