A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files.
Max CVSS
3.7
EPSS Score
0.04%
Published
1999-01-01
Updated
2022-08-17
Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process.
Max CVSS
3.7
EPSS Score
0.04%
Published
2001-05-03
Updated
2017-10-10
Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact.
Max CVSS
3.6
EPSS Score
0.06%
Published
2001-04-17
Updated
2016-12-08
Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact.
Max CVSS
3.6
EPSS Score
0.06%
Published
2001-04-17
Updated
2016-12-08
The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface (lcall).
Max CVSS
3.6
EPSS Score
0.04%
Published
2002-08-12
Updated
2016-10-18
Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.
Max CVSS
3.6
EPSS Score
0.04%
Published
2003-02-19
Updated
2008-09-11
The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.
Max CVSS
3.6
EPSS Score
0.36%
Published
2003-06-16
Updated
2017-10-11
Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copy_from_user and copy_to_user functions.
Max CVSS
3.6
EPSS Score
0.04%
Published
2005-03-07
Updated
2017-10-11
Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow.
Max CVSS
3.7
EPSS Score
0.06%
Published
2005-07-11
Updated
2017-10-11
The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.
Max CVSS
3.6
EPSS Score
0.06%
Published
2005-09-14
Updated
2018-10-19
The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 and later, on the 64-bit x86 platform, does not check the return value of the insert_vm_struct function, which allows local users to trigger a memory leak via a 32-bit application with crafted ELF headers.
Max CVSS
3.6
EPSS Score
0.04%
Published
2005-08-17
Updated
2008-09-05
Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows local users to corrupt user memory and possibly cause a denial of service via a long string, which causes sysctl to write a zero byte outside the buffer. NOTE: since the sysctl is called from a userland program that provides the argument, this might not be a vulnerability, unless a legitimate user-assisted or setuid scenario can be identified.
Max CVSS
3.6
EPSS Score
0.04%
Published
2005-12-31
Updated
2018-10-03
madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071.
Max CVSS
3.6
EPSS Score
0.15%
Published
2006-04-19
Updated
2017-07-20
VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.
Max CVSS
3.6
EPSS Score
0.04%
Published
2008-01-15
Updated
2023-02-13
The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to a denial of service.
Max CVSS
3.6
EPSS Score
0.04%
Published
2008-05-12
Updated
2017-08-08
The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.
Max CVSS
3.6
EPSS Score
0.05%
Published
2009-03-06
Updated
2020-08-26
The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to CVE-2009-0342 and CVE-2009-0343.
Max CVSS
3.6
EPSS Score
0.04%
Published
2009-03-06
Updated
2012-03-19
The orinoco_ioctl_set_auth function in drivers/net/wireless/orinoco/wext.c in the Linux kernel before 2.6.37 does not properly implement a TKIP protection mechanism, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading Wi-Fi frames.
Max CVSS
3.3
EPSS Score
0.24%
Published
2012-06-21
Updated
2023-02-13
drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4347.
Max CVSS
3.6
EPSS Score
0.04%
Published
2012-06-21
Updated
2023-02-13
kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call.
Max CVSS
3.6
EPSS Score
0.04%
Published
2013-03-01
Updated
2023-02-13
The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user.
Max CVSS
3.3
EPSS Score
0.04%
Published
2013-06-08
Updated
2023-02-13
mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
Max CVSS
3.3
EPSS Score
0.04%
Published
2011-04-10
Updated
2018-01-10
mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations.
Max CVSS
3.3
EPSS Score
0.04%
Published
2011-04-10
Updated
2017-08-17
Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.
Max CVSS
3.3
EPSS Score
0.04%
Published
2012-10-03
Updated
2014-03-08
The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session."
Max CVSS
3.3
EPSS Score
0.04%
Published
2012-07-12
Updated
2012-08-14
71 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!