105 matches found
CVE-2009-1385
CVE-2009-1385 describes an integer underflow in the e1000/e1000e drivers of the Linux kernel (drivers/net/e1000/e1000_main.c) that can be triggered by a crafted frame size. Affects Linux kernel versions before 2.6.30-rc8 (and the e1000e driver) and Intel Wired Ethernet (e1000) before 7.5.5. Explo...
CVE-2009-0065
CVE-2009-0065 affects the Linux kernel SCTP implementation: a buffer overflow in net/sctp/sm_statefuns.c allows a remote attacker to trigger an impact via a Forward-TSN chunk with a large stream ID on kernels before 2.6.28-git8. The vulnerability is described in multiple connected advisories (e.g...
CVE-2009-2692
CVE-2009-2692 stems from uninitialized proto_ops in the Linux kernel (SOCKOPS_WRAP), allowing local users to trigger a NULL pointer dereference via mmap of page zero and gain privileges by invoking an unavailable operation (e.g., sock_sendpage on PF_PPPOX). Public details reference local privileg...
CVE-2009-2698
CVE-2009-2698 affects the Linux kernel UDP implementation (net/ipv4/udp.c and net/ipv6/udp.c) prior to 2.6.19. Local users can gain privileges or cause a denial of service (NULL pointer dereference/system crash) via UDP socket use with MSG_MORE. Oracle Linux/MiracleLinux advisories reference this...
CVE-2009-3547
CVE-2009-3547 refers to multiple race conditions in fs/pipe.c of the Linux kernel before 2.6.32-rc6. The flaws can allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by opening an anonymous pipe via a /proc/*/fd/ pathname. A fix is availa...
CVE-2009-0676
The CVE-2009-0676 issue affects the Linux kernel prior to 2.6.28.6, where sock_getsockopt in net/core/sock.c fails to initialize a structure member, enabling local attackers to read potentially sensitive kernel memory via an SO_BSDCOMPAT getsockopt request. Publicly documented in multiple sources...
CVE-2009-1439
The CVE-2009-1439 entry describes a buffer overflow in CIFS/Tree Connect handling (fs/cifs/connect.c) of the Linux kernel prior to 2.6.30, where a long nativeFileSystem field in an SMB mount response can cause a remote crash (DoS). The vulnerability affects the Linux kernel’s CIFS implementation ...
CVE-2009-0028
CVE-2009-0028 is a local vulnerability in the Linux kernel up to version 2.6.28 where the clone system call with CLONE_PARENT can allow an unprivileged child to spawn a second child and exit, enabling it to send arbitrary signals to the parent process. The MiracleLinux AXSA-2009-42:04 advisory ex...
CVE-2009-3726
The CVE-2009-3726 issue affects the Linux kernel NFSv4 client (fs/nfs/nfs4proc.c) and is triggered when a remote NFS server returns a crafted response with incorrect file attributes. This can cause a NULL pointer dereference and kernel panic by attempting to use an open file that has no NFSv4 sta...
CVE-2009-3080
CVE-2009-3080 affects the Linux kernel gdth driver (gdth_read_event in drivers/scsi/gdth.c). In kernels before 2.6.32-rc8, a negative event index in an IOCTL can allow local users to cause a denial of service or potentially gain privileges. MiracleLinux advisories cite this CVE as part of affecte...
CVE-2009-1895
The vulnerability CVE-2009-1895 affects the Linux kernel’s personality subsystem prior to 2.6.31-rc3, where PER_CLEAR_ON_SETID fails to clear ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO when executing a setuid/setgid program. This enables local users to exploit memory‑layout details to perform NULL poi...
CVE-2009-2848
CVE-2009-2848 is confirmed in connected material as applicable to MiracleLinux kernel package 2.6.18-128.10AXS3, aligning with the Linux kernel vulnerability where execve does not properly clear current->clear_child_tid during thread creation/exit. This misbehavior can enable local users to ca...
CVE-2009-1389
CVE-2009-1389 is a vulnerability in the Linux kernel RTL8169 NIC driver (drivers/net/r8169.c). A crafted long Ethernet frame can cause a buffer overflow, leading to kernel memory corruption and a crash (remote DoS) on affected systems. The issue affects kernels before 2.6.30; exploitation require...
CVE-2009-4020
CVE-2009-4020 describes a stack-based buffer overflow in the Linux kernel 2.6.32 hfs subsystem (fs/hfs/dir.c, hfs_readdir). A crafted Hierarchical File System (HFS) filesystem could allow an attacker to achieve an unspecified impact via the HFS filesystem. Several Nessus/GD advisories link this C...
CVE-2009-3621
The CVE-2009-3621 issue affects the Linux kernel up to version 2.6.31.4 and earlier, specifically in net/unix/af_unix.c. The vulnerability allows a local attacker to cause a denial of service (system hang) by: (1) creating an abstract-namespace AF_UNIX listening socket, (2) performing a shutdown ...
CVE-2009-1072
CVE-2009-1072 affects the Linux kernel prior to 2.6.28.9. nfsd in the kernel does not drop the CAP_MKNOD capability before handling a user request in a thread, enabling local users on an exported filesystem using root_squash to create device nodes. MiracleLinux 3 lists this as fixed in kernel-2.6...
CVE-2009-1192
CVE-2009-1192 affects the Linux kernel AGP subsystem (drivers/char/agp/generic.c) where two functions, agp_generic_alloc_page and agp_generic_alloc_pages, do not zero out pages that may later be exposed to a user-space process. This can allow local users to read pages and obtain sensitive informa...
CVE-2009-2406
CVE-2009-2406 refers to a stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c of the Linux kernel before 2.6.30.4. The issue arises from not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size, enabling l...
CVE-2009-3228
The CVE-2009-3228 issue concerns the Linux kernel tc subsystem (net/sched/sch_api.c: tc_fill_tclass). In Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9, certain structure members (tcm__pad1, tcm__pad2) are not initialized, which could allow local users to read sensitive data from ...
CVE-2009-2695
CVE-2009-2695 affects the Linux kernel before 2.6.31-rc7, where mmap operations targeting page zero and other low memory addresses are not properly prevented. This enables local privilege escalation via NULL pointer dereference vulnerabilities, linked to (1) SELinux’s allow_unconfined_mmap_low se...
CVE-2009-3002
CVE-2009-3002 affects the Linux kernel prior to 2.6.31-rc7, where getname() implementations for IrDA, AppleTalk DDP, NET/ROM, and ROSE (and related sockets) did not initialize certain data structures before copying to user-space. This allowed a local user to leak information by calling getsocknam...
CVE-2009-3612
CVE-2009-3612 affects the Linux kernel’s net/sched/cls_api.c tcf_fill_node in the netlink subsystem. The issue is that a tcm__pad2 structure member is not initialized, potentially allowing local attackers to read sensitive kernel memory. Affected: kernel 2.6.x prior to 2.6.32-rc5 and 2.4.37.6 and...
CVE-2009-1336
CVE-2009-1336 affects the Linux kernel (before 2.6.23) in the NFS client path. The issue is that a structure member that stores the maximum NFS filename length is not properly initialized, related to the encode_lookup function. This allows local users to trigger a denial of service (OOPS) by usin...
CVE-2009-2844
CVE-2009-2844 affects the Linux kernel’s cfg80211 code (net/wireless/scan.c) in 2.6.30-rc1 and earlier than 2.6.31-rc6. The vulnerability allows remote attackers to cause a denial of service (crash) by sending a crafted sequence of beacon frames: one frame omits the SSID Information Element, and ...
CVE-2008-4307
CVE-2008-4307 is a Linux kernel local-denial-of-service issue caused by a race in do_setlk (fs/nfs/file.c) where improper handling of a race between fcntl and close in the EINTR path can crash the kernel and leave a stray FL_POSIX lock. Affected product: Linux kernel versions before 2.6.26. The v...
CVE-2009-0834
The CVE-2009-0834 issue affects the Linux kernel up to 2.6.28.7 on x86_64, where audit_syscall_entry mishandles 32-bit processes making 64-bit syscalls or 64-bit processes making 32-bit syscalls. This can allow local users to bypass certain syscall audit configurations, and is related to CVE-2009...
CVE-2009-2910
CVE-2009-2910 affects the Linux kernel’s ia32 entry path on x86_64. The issue is that arch/x86/ia32/ia32entry.S does not clear certain kernel registers before returning to user mode, which allows a local attacker to read register values from an earlier process after switching an ia32 process into...
CVE-2009-3620
CVE-2009-3620 affects the ATI Rage 128 (r128) driver in the Linux kernel, where the driver fails to properly verify Concurrent Command Engine (CCE) state initialization. This local vulnerability can cause a NULL pointer dereference and system crash (DoS) and may allow privilege escalation via uns...
CVE-2009-0675
CVE-2009-0675 affects the Linux kernel up to version 2.6.28.6, where the skfp_ioctl function in drivers/net/skfp/skfddi.c incorrectly allows SKFP_CLR_STATS requests when CAP_NET_ADMIN is absent rather than present, enabling local users to reset driver statistics (inverted logic). The vulnerabilit...
CVE-2009-1630
CVE-2009-1630 affects the Linux kernel nfs client: the nfs_permission function in fs/nfs/dir.c (kernel 2.6.29.3 and earlier) does not check execute (MAY_EXEC) permission bits when atomic_open is available. This allows local users to bypass permissions and execute files, as demonstrated by files o...
CVE-2009-2903
The CVE-2009-2903 entry concerns a memory leak in the Linux kernel appletalk subsystem. When the appletalk and ipddp modules are loaded but the ipddp device is not found, remote attackers can trigger memory consumption leading to a denial of service. The issue affects 2.4.x up to 2.4.37.6 and 2.6...
CVE-2009-3238
CVE-2009-3238 affects the Linux kernel (pre-2.6.30) where get_random_int in drivers/char/random.c produced insufficiently random numbers, enabling prediction of return values and potentially defeating defenses based on randomness. Several OS advisories (e.g., RHSA-2009:1438, ELSA-2009-1106/1438, ...
CVE-2009-4308
CVE-2009-4308 affects the Linux kernel ext4 filesystem: the ext4_decode_error function in fs/ext4/super.c can cause a NULL pointer dereference and potential other impact when processing a read-only, journal-less filesystem, enabling user‑assisted remote denial of service. The vulnerability is fix...
CVE-2009-2847
CVE-2009-2847 affects the Linux kernel: do_sigaltstack in kernel/signal.c on 64-bit systems fails to clear certain padding bytes, enabling local users to read sensitive data from the kernel stack via sigaltstack. Affected: Linux kernel versions 2.4–2.4.37 and 2.6 up to 2.6.31-rc5. Impact: local i...
CVE-2009-4138
CVE-2009-4138 affects Linux kernels with the FireWire OHCI driver (drivers/firewire/ohci.c) prior to 2.6.32-git9. In packet-per-buffer mode, a local user can trigger a NULL pointer dereference via an ioctl associated with receiving an ISO packet with a zero payload-length field, potentially leadi...
CVE-2009-3889
CVE-2009-3889 affects the Linux kernel megaraid_sas driver; the dbg_lvl file is world-writable in kernels before 2.6.27, enabling local users to modify driver behavior and logging level. MiracleLinux AXSA:2010-141 references this issue among others and indicates a fix in kernel 2.6.27+ as part of...
CVE-2009-1298
CVE-2009-1298 affects the Linux kernel: the function ip_frag_reasm in net/ipv4/ip_fragment.c can be triggered by long IP packets due to an incorrect argument passed to IP_INC_STATS_BH. This enables remote attackers to cause a denial of service via a NULL pointer dereference and kernel hang. Affec...
CVE-2009-0745
CVE-2009-0745 concerns the Linux kernel ext4 resize path. The ext4_group_add function in fs/ext4/resize.c fails to properly initialize the group descriptor during a resize (resize2fs), which can allow a local attacker to trigger a denial of service (OOPS) by manipulating crafted values in memory....
CVE-2009-3613
The CVE-2009-3613 issue affects the Linux kernel swiotlb implementation in the r8169 driver (drivers/net/r8169.c) and is exploitable before kernel version 2.6.27.22. Remote attackers can trigger a denial of service by sending large amounts of jumbo frames (e.g., flood ping), exhausting IOMMU spac...
CVE-2009-3939
CVE-2009-3939 affects the Linux kernel megaraid_sas driver: the poll_mode_io file has world-writable permissions in kernel 2.6.31.6 and earlier. This enables local users to change the driver I/O mode by modifying the file. The description notes local access and manipulation of driver behavior, wi...
CVE-2009-1633
The CVE-2009-1633 issue affects the Linux kernel CIFS subsystem prior to 2.6.29.4. It describes multiple buffer overflows in CIFS that can be triggered by a malformed Unicode string (Unicode string area alignment in fs/cifs/sess.c) or long Unicode characters (fs/cifs/cifssmb.c and fs/cifs/readdir...
CVE-2009-4307
The CVE-2009-4307 issue affects the Linux kernel ext4 subsystem: the ext4_fill_flex_info function in fs/ext4/super.c allows a remote attacker to trigger a divide-by-zero and panic when a malformed ext4 super block has a large FLEX_BG group size (s_log_groups_per_flex). Impact is denial of service...
CVE-2009-1338
The CVE-2009-1338 issue is confirmed in the Linux kernel prior to 2.6.28, where the kill_something_info() function in kernel/signal.c did not respect PID namespaces when handling signals directed to PID -1. This allowed a local attacker to bypass namespace isolation and send signals to processes ...
CVE-2009-2908
CVE-2009-2908 affects the Linux kernel 2.6.31: the d_delete function in fs/ecryptfs/inode.c can lead to a negative dentry and a NULL pointer dereference. Local users can cause a kernel OOPS and potentially execute arbitrary code; exploitation demonstrated via a Mutt temporary directory in an eCry...
CVE-2009-1337
CVE-2009-1337 : Affected: Linux kernel up to 2.6.30-rc1 (exit_notify in kernel/exit.c). Root cause: exit_notify does not restrict exit signals when CAP_KILL is held, enabling a local user to set a process exit_signal and use exec to launch a setuid program. Impact: local privilege escalation via ...
CVE-2009-3290
CVE-2009-3290 affects KVM in Linux kernel 2.6.25-rc1 and earlier than 2.6.31 on x86. The kvm_emulate_hypercall implementation fails to restrict MMU hypercalls by CPL, enabling a local guest user to crash the guest kernel and read/write guest memory via unspecified addresses. Root cause: CPL check...
CVE-2009-2407
CVE-2009-2407 describes a heap-based buffer overflow in the parse_tag_3_packet function of fs/ecryptfs/keystore.c in the Linux kernel’s eCryptfs subsystem, exploitable via a crafted eCryptfs file. The issue affects Linux kernels before 2.6.30.4 and can lead to a denial of service (system crash) o...
CVE-2009-3286
CVE-2009-3286 affects the Linux kernel 2.6.18 (and possibly other versions) where NFSv4 O_EXCL creates are not properly cleaned up, causing files to be created with insecure settings (e.g., setuid bits) and potentially enabling local privilege escalation. The issue is tied to the do_open_permissi...
CVE-2009-4131
The CVE refers to EXT4_IOC_MOVE_EXT (move extents) in the Linux kernel’s ext4 filesystem, where the ioctl allows local users to overwrite arbitrary files due to insufficient permission checks. Affected: ext4 subsystem on kernel versions prior to 2.6.32-git6. Impact: local privilege-related overwr...
CVE-2009-0031
CVE-2009-0031 affects Linux kernel 2.6.29-rc2 and earlier, caused by a memory leak in keyctl_join_session_keyring (security/keys/keyctl.c) that can allow local users to consume kernel memory and trigger a denial of service. Root cause described as a missing kfree. Connected advisories (e.g., RHSA...