Linux Kernel Security Vulnerabilities and Issues — Page 5 of Linux Kernel CVE List

Lucene search

LinuxLinux Kernel

234 matches found

CVE•added 2005/05/02 4:0 a.m.•50 views

CVE-2005-0400

The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block.

2.1CVSS4.8AI score0.00087EPSS

CVE•added 2010/04/20 3:30 p.m.•50 views

CVE-2010-1488

The proc_oom_score function in fs/proc/base.c in the Linux kernel before 2.6.34-rc4 uses inappropriate data structures during selection of a candidate for the OOM killer, which might allow local users to cause a denial of service via unspecified patterns of task creation.

2.1CVSS6.2AI score0.00147EPSS

CVE•added 2004/04/15 4:0 a.m.•49 views

CVE-2003-1040

kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod.

2.1CVSS6AI score0.00078EPSS

CVE•added 2005/05/02 4:0 a.m.•49 views

CVE-2005-0137

Linux kernel 2.6 on Itanium (ia64) architectures allows local users to cause a denial of service via a "missing Itanium syscall table entry."

2.1CVSS5.9AI score0.00063EPSS

CVE•added 2005/03/07 5:0 a.m.•49 views

CVE-2005-0179

Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of service (CPU and memory consumption) and bypass RLIM_MEMLOCK limits via the mlockall call.

2.1CVSS5.2AI score0.00067EPSS

CVE•added 2005/05/02 4:0 a.m.•49 views

CVE-2005-1369

The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before 2.6.11.8, and 2.6.12 before 2.6.12-rc2, create the sysfs "alarms" file with write permissions, which allows local users to cause a denial of service (CPU consumption) by attempting to write to the file, which does not have an associ...

2.1CVSS5.3AI score0.00049EPSS

CVE•added 2006/05/12 1:2 a.m.•49 views

CVE-2006-1859

Memory leak in __setlease in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (memory consumption) via unspecified actions related to an "uninitialised return value," aka "slab leak."

2.1CVSS7.2AI score0.00074EPSS

CVE•added 2001/09/12 4:0 a.m.•48 views

CVE-1999-1285

Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed.

2.1CVSS7.2AI score0.00075EPSS

CVE•added 2005/10/07 6:2 p.m.•48 views

CVE-2005-1764

Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard page for the 47-bit address page to protect against an AMD K8 bug, which allows local users to cause a denial of service.

2.1CVSS6.1AI score0.00063EPSS

CVE•added 2005/10/25 6:2 p.m.•48 views

CVE-2005-2708

The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does not check a return code for a particular function call when virtual memory is low, which allows local users to cause a denial of service (panic), as demonstrated by running a process using the bash uli...

2.1CVSS6.2AI score0.00097EPSS

CVE•added 2013/04/24 7:55 p.m.•48 views

CVE-2013-1956

The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call.

2.1CVSS6.2AI score0.0003EPSS

CVE•added 2004/09/01 4:0 a.m.•47 views

CVE-2001-0907

Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows local users to cause a denial of service via a series of deeply nested symlinks, which causes the kernel to spend extra time when trying to access the link.

2.1CVSS6.1AI score0.00224EPSS

CVE•added 2002/08/31 4:0 a.m.•47 views

CVE-2001-1399

Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86."

2.1CVSS5.3AI score0.00137EPSS

CVE•added 2005/05/02 4:0 a.m.•47 views

CVE-2005-0916

AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with CONFIG_HUGETLB_PAGE enabled allows local users to cause a denial of service (system panic) via a process that executes the io_queue_init function but exits without running io_queue_release, which causes exit_aio and is_hugepage_...

2.1CVSS5.1AI score0.00146EPSS

CVE•added 2002/08/12 4:0 a.m.•45 views

CVE-2002-0499

The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.

2.1CVSS6.6AI score0.00461EPSS

CVE•added 2002/07/03 4:0 a.m.•45 views

CVE-2002-0570

The encrypted loop device in Linux kernel 2.4.10 and earlier does not authenticate the entity that is encrypting data, which allows local users to modify encrypted data without knowing the key.

2.1CVSS6.5AI score0.00118EPSS

CVE•added 2004/08/06 4:0 a.m.•45 views

CVE-2004-0596

The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a non-existent device name that triggers a null dereference.

2.1CVSS6.5AI score0.00063EPSS

CVE•added 2005/06/01 4:0 a.m.•45 views

CVE-2004-2136

dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.

2.1CVSS6.9AI score0.0007EPSS

CVE•added 2005/05/02 4:0 a.m.•45 views

CVE-2005-0207

Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.

2.1CVSS6.2AI score0.00078EPSS

CVE•added 2000/02/04 5:0 a.m.•44 views

CVE-1999-0171

Denial of service in syslog by sending it a large number of superfluous messages.

2.1CVSS6.8AI score0.00173EPSS

CVE•added 2006/11/27 12:7 a.m.•44 views

CVE-2006-6128

The ReiserFS functionality in Linux kernel 2.6.18, and possibly other versions, allows local users to cause a denial of service via a malformed ReiserFS file system that triggers memory corruption when a sync is performed.

2.1CVSS6.4AI score0.00075EPSS

CVE•added 2002/08/31 4:0 a.m.•43 views

CVE-2001-1393

Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang).

2.1CVSS5.5AI score0.00071EPSS

CVE•added 2004/02/17 5:0 a.m.•42 views

CVE-2004-0058

Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local users to overwrite arbitrary files via a symlink attack on the .pid_antivir_$$ temporary file.

2.1CVSS6.8AI score0.00107EPSS

CVE•added 2005/05/02 4:0 a.m.•42 views

CVE-2005-0977

The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel 2.6 does not properly verify the address argument, which allows local users to cause a denial of service (kernel crash) via an invalid address.

2.1CVSS6AI score0.0007EPSS

CVE•added 2002/05/03 4:0 a.m.•41 views

CVE-2001-1273

The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, when running on certain Intel CPUs, allows local users to cause a denial of service (system halt).

2.1CVSS6.5AI score0.00051EPSS

CVE•added 2005/06/01 4:0 a.m.•41 views

CVE-2004-2135

cryptoloop on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.

2.1CVSS6.9AI score0.00456EPSS

CVE•added 2006/01/09 8:0 p.m.•41 views

CVE-2005-4352

The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 19...

2.1CVSS6.3AI score0.00106EPSS

CVE•added 2004/09/01 4:0 a.m.•40 views

CVE-2002-1319

The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.

2.1CVSS6.2AI score0.00063EPSS

CVE•added 2005/05/02 4:0 a.m.•40 views

CVE-2005-0204

Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T architectures, allows local users to write to privileged IO ports via the OUTS instruction.

2.1CVSS6AI score0.00085EPSS

CVE•added 2005/06/28 4:0 a.m.•39 views

CVE-2002-1963

Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit to 10 files, which allows local users to cause a denial of service (resource exhaustion) by opening 10 setuid binaries.

2.1CVSS6.5AI score0.0006EPSS

CVE•added 2000/04/25 4:0 a.m.•38 views

CVE-1999-0782

KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.

2.1CVSS7.1AI score0.00112EPSS

CVE•added 2001/09/12 4:0 a.m.•38 views

CVE-1999-1441

Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that do not catch it.

2.1CVSS6.7AI score0.00195EPSS

CVE•added 2012/06/13 10:24 a.m.•38 views

CVE-2011-2210

The osf_getsysinfo function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform does not properly restrict the data size for GSI_GET_HWRPB operations, which allows local users to obtain sensitive information from kernel memory via a crafted call.

2.1CVSS5.8AI score0.00147EPSS

CVE•added 2007/12/18 8:46 p.m.•35 views

CVE-2007-6434

Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmap_min_addr protection via a crafted executable file that calls the do_brk function.

2.1CVSS6.1AI score0.00056EPSS

Total number of security vulnerabilities234