CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux : Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-3917 200 DoS +Info 2014-06-05 2014-10-17
3.3
None Local Medium Not required Partial None Partial
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.
2 CVE-2014-2038 20 +Info 2014-02-28 2014-03-16
3.7
None Local High Not required Partial Partial Partial
The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file.
3 CVE-2013-4270 20 Bypass 2013-12-09 2014-03-05
3.6
None Local Low Not required Partial Partial None
The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application.
4 CVE-2013-2930 264 2013-12-09 2014-03-05
3.6
None Local Low Not required Partial Partial None
The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application.
5 CVE-2013-2929 264 Bypass +Info 2013-12-09 2014-03-26
3.3
None Local Medium Not required Partial Partial None
The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h.
6 CVE-2013-2140 20 DoS 2013-09-25 2014-01-03
3.8
None Local Network Medium Single system None Partial Partial
The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature.
7 CVE-2013-1959 264 1 +Priv 2013-05-03 2013-11-30
3.7
None Local High Not required Partial Partial Partial
kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process.
8 CVE-2013-0914 264 Bypass 2013-03-22 2014-02-06
3.6
None Local Low Not required Partial Partial None
The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call.
9 CVE-2013-0343 DoS +Info 2013-02-28 2014-03-05
3.2
None Local Network High Not required Partial None Partial
The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages.
10 CVE-2012-1174 362 2012-07-12 2012-08-13
3.3
None Local Medium Not required None Partial Partial
The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session."
11 CVE-2011-1833 264 Bypass 2012-10-03 2014-03-07
3.3
None Local Medium Not required Partial Partial None
Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.
12 CVE-2011-1676 264 2011-04-09 2011-04-20
3.3
None Local Medium Not required Partial Partial None
mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations.
13 CVE-2011-1675 16 2011-04-09 2012-01-18
3.3
None Local Medium Not required Partial Partial None
mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
14 CVE-2011-1585 264 Bypass 2013-06-08 2013-06-10
3.3
None Local Medium Not required Partial Partial None
The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user.
15 CVE-2011-1182 2013-03-01 2014-01-13
3.6
None Local Low Not required None Partial Partial
kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call.
16 CVE-2011-1021 264 2012-06-21 2012-06-22
3.6
None Local Low Not required None Partial Partial
drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4347.
17 CVE-2010-4648 2012-06-21 2012-06-26
3.3
None Local Network Low Not required Partial None None
The orinoco_ioctl_set_auth function in drivers/net/wireless/orinoco/wext.c in the Linux kernel before 2.6.37 does not properly implement a TKIP protection mechanism, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading Wi-Fi frames.
18 CVE-2010-2955 189 +Info 2010-09-08 2012-03-19
3.3
None Local Network Low Not required Partial None None
The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size.
19 CVE-2009-0835 264 Bypass 2009-03-06 2012-03-19
3.6
None Local Low Not required Partial Partial None
The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to CVE-2009-0342 and CVE-2009-0343.
20 CVE-2009-0834 264 Bypass 2009-03-06 2012-03-19
3.6
None Local Low Not required Partial Partial None
The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.
21 CVE-2008-2148 264 DoS 2008-05-12 2012-03-19
3.6
None Local Low Not required None Partial Partial
The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to a denial of service.
22 CVE-2008-0001 Bypass 2008-01-15 2012-03-19
3.6
None Local Low Not required None Partial Partial
VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.
23 CVE-2006-5158 DoS 2006-10-05 2012-03-19
3.3
None Local Network Low Not required None None Partial
The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock.
24 CVE-2006-1524 264 Bypass 2006-04-19 2012-03-19
3.6
None Local Low Not required Partial Partial None
madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071.
25 CVE-2005-4618 DoS Overflow 2005-12-31 2009-11-12
3.6
None Local Low Not required None Partial Partial
Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows local users to corrupt user memory and possibly cause a denial of service via a long string, which causes sysctl to write a zero byte outside the buffer. NOTE: since the sysctl is called from a userland program that provides the argument, this might not be a vulnerability, unless a legitimate user-assisted or setuid scenario can be identified.
26 CVE-2005-2617 2005-08-17 2008-09-05
3.6
None Local Low Not required None Partial Partial
The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 and later, on the 64-bit x86 platform, does not check the return value of the insert_vm_struct function, which allows local users to trigger a memory leak via a 32-bit application with crafted ELF headers.
27 CVE-2005-2492 DoS 2005-09-14 2010-08-21
3.6
None Local Low Not required Partial None Partial
The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.
28 CVE-2005-1768 DoS Exec Code Overflow 2005-07-11 2010-08-21
3.7
User Local High Not required Partial Partial Partial
Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow.
29 CVE-2005-0180 Bypass 2005-03-07 2010-08-21
3.6
None Local Low Not required Partial Partial None
Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copy_from_user and copy_to_user functions.
30 CVE-2003-0246 +Priv 2003-06-16 2008-09-10
3.6
None Local Low Not required Partial Partial None
The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.
31 CVE-2003-0018 2003-02-19 2008-09-10
3.6
None Local Low Not required Partial None Partial
Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.
32 CVE-2002-0429 2002-08-12 2008-09-10
3.6
None Local Low Not required None Partial Partial
The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface (lcall).
33 CVE-2001-1396 2001-04-17 2008-09-05
3.6
None Local Low Not required Partial Partial None
Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact.
34 CVE-2001-1395 2001-04-17 2008-09-05
3.6
None Local Low Not required Partial Partial None
Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact.
35 CVE-2001-0317 +Priv 2001-05-03 2008-09-10
3.7
None Local High Not required Partial Partial Partial
Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process.
36 CVE-1999-0401 1999-01-01 2008-09-09
3.7
User Local High Not required Partial Partial Partial
A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files.
Total number of vulnerabilities : 36   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.