VYPR

Linux kernel

by Linux

Source repositories

CVEs (366)

  • CVE-2014-2673Apr 1, 2014
    Linux
    Kernel
    risk 0.00cvss epss 0.00

    The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a…

  • CVE-2014-2672Apr 1, 2014
    Linux
    Kernel
    risk 0.00cvss epss 0.03

    Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions.

  • CVE-2014-2568Mar 24, 2014
    Linux
    Kernel
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected…

  • CVE-2014-2523Mar 24, 2014
    Linux
    Kernel
    risk 0.00cvss epss 0.10

    net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1)…

  • CVE-2014-0131Mar 24, 2014
    Linux
    Kernel
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.

  • CVE-2013-7339Mar 24, 2014
    Linux
    Kernel
    risk 0.00cvss epss 0.00

    The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks…

  • CVE-2014-2309Mar 11, 2014
    Linux
    Kernel
    risk 0.00cvss epss 0.02

    The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.

  • CVE-2014-0102Mar 11, 2014
    Linux
    Kernel
    risk 0.00cvss epss 0.01

    The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands.

  • CVE-2014-0100Mar 11, 2014
    Linux
    Kernel
    risk 0.00cvss epss 0.03

    Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request…

  • CVE-2014-0101Mar 11, 2014
    Linux
    Kernel
    risk 0.00cvss epss 0.07

    The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer…

  • CVE-2014-0049Mar 11, 2014
    Linux
    Kernel
    risk 0.00cvss epss 0.01

    Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancel_work_item data.

  • CVE-2014-2039Feb 28, 2014
    Linux
    Kernel
    risk 0.00cvss epss 0.00

    arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390 platform does not properly handle attempted use of the linkage stack, which allows local users to cause a denial of service (system crash) by executing a crafted instruction.

  • CVE-2014-2038Feb 28, 2014
    Linux
    Kernel
    risk 0.00cvss epss 0.00

    The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic…

  • CVE-2014-1874Feb 28, 2014
    Linux
    Kernel
    risk 0.00cvss epss 0.01

    The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.

  • CVE-2014-1690Feb 28, 2014
    Linux
    Kernel
    risk 0.00cvss epss 0.04

    The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature.

  • CVE-2014-0069Feb 28, 2014
    Linux
    Kernel
    risk 0.00cvss epss 0.00

    The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial…

  • CVE-2013-4737Feb 15, 2014
    Linux
    Linux kernel
    risk 0.00cvss epss 0.01

    The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly consider certain memory sections, which makes it easier for attackers to bypass intended…

  • CVE-2012-6638Feb 15, 2014
    Linux
    Kernel
    risk 0.00cvss epss 0.03

    The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource consumption) via a flood of SYN+FIN TCP packets, a different vulnerability than CVE-2012-2663.

  • CVE-2014-0038Feb 6, 2014
    Linux
    Kernel
    risk 0.00cvss epss 0.35

    The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.

  • CVE-2014-1446Jan 18, 2014
    Linux
    Kernel
    risk 0.00cvss epss 0.01

    The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl…

Page 12 of 19