| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-2013-2548 | 310 | | +Info | 2013-03-15 | 2013-05-14 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. |
| 2 | CVE-2013-2547 | 310 | | +Info | 2013-03-15 | 2013-05-14 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. |
| 3 | CVE-2013-2546 | 310 | | +Info | 2013-03-15 | 2013-05-14 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability. |
| 4 | CVE-2013-1956 | 264 | | Bypass | 2013-04-24 | 2013-05-01 | 2.1 | None | Local | Low | Not required | None | Partial | None |
|
The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call. |
| 5 | CVE-2013-0160 | 200 | | +Info | 2013-02-17 | 2013-02-18 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. |
| 6 | CVE-2012-6536 | 200 | | +Info | 2013-03-15 | 2013-03-18 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2) updated state. |
| 7 | CVE-2012-4530 | 200 | | +Info | 2013-02-17 | 2013-02-18 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. |
| 8 | CVE-2012-3430 | 200 | | +Info | 2012-10-03 | 2013-04-18 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. |
| 9 | CVE-2012-2669 | 20 | | | 2012-12-27 | 2013-01-29 | 2.1 | None | Local | Low | Not required | None | Partial | None |
|
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message. |
| 10 | CVE-2011-4132 | 20 | | DoS | 2012-01-27 | 2012-12-18 | 2.1 | None | Local | Low | Not required | None | None | Partial |
|
The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value." |
| 11 | CVE-2011-4110 | 264 | | DoS | 2012-01-27 | 2012-03-22 | 2.1 | None | Local | Low | Not required | None | None | Partial |
|
The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key." |
| 12 | CVE-2011-2700 | 119 | | DoS Overflow | 2011-09-06 | 2012-03-19 | 2.1 | None | Local | Low | Not required | None | None | Partial |
|
Multiple buffer overflows in the si4713_write_econtrol_string function in drivers/media/radio/si4713-i2c.c in the Linux kernel before 2.6.39.4 on the N900 platform might allow local users to cause a denial of service or have unspecified other impact via a crafted s_ext_ctrls operation with a (1) V4L2_CID_RDS_TX_PS_NAME or (2) V4L2_CID_RDS_TX_RADIO_TEXT control ID. |
| 13 | CVE-2011-2495 | 264 | | | 2012-06-13 | 2012-06-14 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password. |
| 14 | CVE-2011-2494 | 200 | | +Info | 2012-06-13 | 2012-12-18 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password. |
| 15 | CVE-2011-2493 | | | DoS | 2012-06-13 | 2012-06-14 | 2.1 | None | Local | Low | Not required | None | None | Partial |
|
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel before 2.6.39 does not properly initialize a certain error-report data structure, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem. |
| 16 | CVE-2011-2210 | 264 | | +Info | 2012-06-13 | 2012-06-13 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The osf_getsysinfo function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform does not properly restrict the data size for GSI_GET_HWRPB operations, which allows local users to obtain sensitive information from kernel memory via a crafted call. |
| 17 | CVE-2011-2209 | 189 | | +Info | 2012-06-13 | 2012-06-13 | 2.1 | None | Local | Low | Not required | None | None | Partial |
|
Integer signedness error in the osf_sysinfo function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform allows local users to obtain sensitive information from kernel memory via a crafted call. |
| 18 | CVE-2011-2208 | 189 | | +Info | 2012-06-13 | 2012-06-13 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
Integer signedness error in the osf_getdomainname function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform allows local users to obtain sensitive information from kernel memory via a crafted call. |
| 19 | CVE-2011-2203 | 264 | | DoS | 2012-01-27 | 2012-03-19 | 2.1 | None | Local | Low | Not required | None | None | Partial |
|
The hfs_find_init function in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and Oops) by mounting an HFS file system with a malformed MDB extent record. |
| 20 | CVE-2011-1172 | 200 | | +Info | 2011-06-22 | 2012-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. |
| 21 | CVE-2011-1171 | 200 | | +Info | 2011-06-22 | 2012-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. |
| 22 | CVE-2011-1170 | 200 | | +Info | 2011-06-22 | 2012-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. |
| 23 | CVE-2011-1163 | 20 | | +Info | 2011-04-09 | 2013-01-15 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing. |
| 24 | CVE-2011-1162 | 200 | | +Info | 2012-01-27 | 2012-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The tpm_read function in the Linux kernel 2.6 does not properly clear memory, which might allow local users to read the results of the previous TPM command. |
| 25 | CVE-2011-1160 | 200 | | +Info | 2012-06-21 | 2012-06-26 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors. |
| 26 | CVE-2011-1080 | 20 | | +Info | 2012-06-21 | 2012-06-22 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability to replace a table, and then reading a modprobe command line. |
| 27 | CVE-2011-1020 | 264 | | DoS +Info | 2011-02-28 | 2012-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls. |
| 28 | CVE-2011-0726 | 20 | | | 2011-07-18 | 2012-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary. |
| 29 | CVE-2011-0711 | 200 | | +Info | 2011-03-01 | 2012-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call. |
| 30 | CVE-2011-0710 | 200 | | +Info | 2011-02-18 | 2012-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The task_show_regs function in arch/s390/kernel/traps.c in the Linux kernel before 2.6.38-rc4-next-20110216 on the s390 platform allows local users to obtain the values of the registers of an arbitrary process by reading a status file under /proc/. |
| 31 | CVE-2011-0463 | 20 | | +Info | 2011-04-09 | 2012-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 (OCFS2) subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentially sensitive information from uninitialized disk locations by reading a file. |
| 32 | CVE-2010-4565 | 200 | | +Info | 2010-12-29 | 2012-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename. |
| 33 | CVE-2010-4529 | 189 | | +Info | 2011-01-13 | 2012-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call. |
| 34 | CVE-2010-4346 | 264 | | Bypass | 2010-12-22 | 2012-03-19 | 2.1 | None | Local | Low | Not required | None | Partial | None |
|
The install_special_mapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application. |
| 35 | CVE-2010-4158 | 200 | | +Info | 2010-12-30 | 2012-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter. |
| 36 | CVE-2010-3861 | 200 | | +Info | 2010-12-10 | 2012-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value, a different vulnerability than CVE-2010-2478. |
| 37 | CVE-2010-3477 | 399 | | +Info | 2010-09-21 | 2012-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942. |
| 38 | CVE-2010-3297 | 200 | | +Info | 2010-09-30 | 2012-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call. |
| 39 | CVE-2010-3078 | 399 | | +Info | 2010-09-21 | 2012-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. |
| 40 | CVE-2010-2946 | 20 | | Bypass | 2010-09-29 | 2012-03-19 | 2.1 | None | Local | Low | Not required | None | Partial | None |
|
fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users to bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name. |
| 41 | CVE-2010-2942 | 399 | | +Info | 2010-09-21 | 2012-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c. |
| 42 | CVE-2010-1636 | 200 | | +Info | 2010-06-07 | 2012-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functionality in the Linux kernel 2.6.29 through 2.6.32, and possibly other versions, does not ensure that a cloned file descriptor has been opened for reading, which allows local users to read sensitive information from a write-only file descriptor. |
| 43 | CVE-2010-1488 | 399 | | DoS | 2010-04-20 | 2012-03-19 | 2.1 | None | Local | Low | Not required | None | None | Partial |
|
The proc_oom_score function in fs/proc/base.c in the Linux kernel before 2.6.34-rc4 uses inappropriate data structures during selection of a candidate for the OOM killer, which might allow local users to cause a denial of service via unspecified patterns of task creation. |
| 44 | CVE-2010-0622 | | | DoS | 2010-02-15 | 2012-03-19 | 2.1 | None | Local | Low | Not required | None | None | Partial |
|
The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. |
| 45 | CVE-2010-0007 | 264 | | Bypass | 2010-01-19 | 2012-03-19 | 2.1 | None | Local | Low | Not required | None | Partial | None |
|
net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application. |
| 46 | CVE-2009-2691 | 200 | | +Info | 2009-08-14 | 2012-03-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition. |
| 47 | CVE-2009-0676 | 264 | | +Info | 2009-02-22 | 2012-04-12 | 2.1 | None | Local | Low | Not required | Partial | None | None |
|
The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request. |
| 48 | CVE-2009-0675 | 264 | | | 2009-02-22 | 2012-03-19 | 2.1 | None | Local | Low | Not required | None | Partial | None |
|
The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue. |
| 49 | CVE-2009-0028 | 264 | | | 2009-02-27 | 2012-03-19 | 2.1 | None | Local | Low | Not required | None | None | Partial |
|
The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. |
| 50 | CVE-2008-3528 | 264 | | DoS | 2008-09-27 | 2012-10-29 | 2.1 | None | Local | Low | Not required | None | None | Partial |
|
The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries. |