Kernel
by Linux
Source repositories
CVEs (15,353)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-3831 | 0.00 | — | 0.01 | Oct 20, 2008 | The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial… | |||
| CVE-2008-4576 | 0.00 | — | 0.04 | Oct 15, 2008 | sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer… | |||
| CVE-2008-4554 | 0.00 | — | 0.00 | Oct 15, 2008 | The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file. | |||
| CVE-2008-4445 | 0.00 | — | 0.00 | Oct 6, 2008 | The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by… | |||
| CVE-2008-4410 | 0.00 | — | 0.00 | Oct 3, 2008 | The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the Virtual Machine Interface (VMI) in the Linux kernel 2.6.26.5 invokes write_idt_entry where write_ldt_entry was intended, which allows local users to cause a denial of service (persistent application failure) via… | |||
| CVE-2008-3833 | 0.00 | — | 0.00 | Oct 3, 2008 | The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or… | |||
| CVE-2008-3528 | 0.00 | — | 0.01 | Sep 27, 2008 | The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a… | |||
| CVE-2008-3889 | 0.00 | — | 0.01 | Sep 12, 2008 | Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a… | |||
| CVE-2008-3915 | 0.00 | — | 0.04 | Sep 11, 2008 | Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl. | |||
| CVE-2008-3911 | 0.00 | — | 0.00 | Sep 4, 2008 | The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the… | |||
| CVE-2008-3525 | 0.00 | — | 0.01 | Sep 3, 2008 | The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which… | |||
| CVE-2008-3792 | 0.00 | — | 0.03 | Sep 3, 2008 | net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service… | |||
| CVE-2008-3526 | 0.00 | — | 0.03 | Aug 27, 2008 | Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have… | |||
| CVE-2008-3276 | 0.00 | — | 0.03 | Aug 18, 2008 | Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value,… | |||
| CVE-2008-3686 | 0.00 | — | 0.00 | Aug 14, 2008 | The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 requests when no IPv6 input device is in use, which triggers a NULL pointer dereference. | |||
| CVE-2008-3534 | 0.00 | — | 0.01 | Aug 8, 2008 | The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv… | |||
| CVE-2008-3535 | 0.00 | — | 0.01 | Aug 8, 2008 | Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by… | |||
| CVE-2008-3272 | 0.00 | — | 0.00 | Aug 8, 2008 | The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which… | |||
| CVE-2008-3496 | 0.00 | — | 0.03 | Aug 6, 2008 | Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors. | |||
| CVE-2008-3247 | 0.00 | — | 0.00 | Jul 24, 2008 | The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 on x86_64 platforms uses an incorrect size for ldt_desc, which allows local users to cause a denial of service (system crash) or possibly gain privileges via unspecified vectors. |
- CVE-2008-3831Oct 20, 2008risk 0.00cvss —epss 0.01
The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial…
- CVE-2008-4576Oct 15, 2008risk 0.00cvss —epss 0.04
sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer…
- CVE-2008-4554Oct 15, 2008risk 0.00cvss —epss 0.00
The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file.
- CVE-2008-4445Oct 6, 2008risk 0.00cvss —epss 0.00
The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by…
- CVE-2008-4410Oct 3, 2008risk 0.00cvss —epss 0.00
The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the Virtual Machine Interface (VMI) in the Linux kernel 2.6.26.5 invokes write_idt_entry where write_ldt_entry was intended, which allows local users to cause a denial of service (persistent application failure) via…
- CVE-2008-3833Oct 3, 2008risk 0.00cvss —epss 0.00
The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or…
- CVE-2008-3528Sep 27, 2008risk 0.00cvss —epss 0.01
The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a…
- CVE-2008-3889Sep 12, 2008risk 0.00cvss —epss 0.01
Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a…
- CVE-2008-3915Sep 11, 2008risk 0.00cvss —epss 0.04
Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl.
- CVE-2008-3911Sep 4, 2008risk 0.00cvss —epss 0.00
The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the…
- CVE-2008-3525Sep 3, 2008risk 0.00cvss —epss 0.01
The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which…
- CVE-2008-3792Sep 3, 2008risk 0.00cvss —epss 0.03
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service…
- CVE-2008-3526Aug 27, 2008risk 0.00cvss —epss 0.03
Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have…
- CVE-2008-3276Aug 18, 2008risk 0.00cvss —epss 0.03
Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value,…
- CVE-2008-3686Aug 14, 2008risk 0.00cvss —epss 0.00
The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 requests when no IPv6 input device is in use, which triggers a NULL pointer dereference.
- CVE-2008-3534Aug 8, 2008risk 0.00cvss —epss 0.01
The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv…
- CVE-2008-3535Aug 8, 2008risk 0.00cvss —epss 0.01
Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by…
- CVE-2008-3272Aug 8, 2008risk 0.00cvss —epss 0.00
The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which…
- CVE-2008-3496Aug 6, 2008risk 0.00cvss —epss 0.03
Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors.
- CVE-2008-3247Jul 24, 2008risk 0.00cvss —epss 0.00
The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 on x86_64 platforms uses an incorrect size for ldt_desc, which allows local users to cause a denial of service (system crash) or possibly gain privileges via unspecified vectors.
Page 748 of 768