Kernel
by Linux
Source repositories
CVEs (15,353)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-2445 | 0.00 | — | 0.00 | Jun 23, 2006 | Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.21 allows local users to cause a denial of service (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting. | |||
| CVE-2006-2448 | 0.00 | — | 0.00 | Jun 23, 2006 | Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory… | |||
| CVE-2006-1862 | 0.00 | — | 0.00 | May 24, 2006 | The virtual memory implementation in Linux kernel 2.6.x allows local users to cause a denial of service (panic) by running lsof a large number of times in a way that produces a heavy system load. | |||
| CVE-2006-1858 | 0.00 | — | 0.06 | May 22, 2006 | SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters. | |||
| CVE-2006-1856 | 0.00 | — | 0.03 | May 19, 2006 | Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions. | |||
| CVE-2006-0039 | 0.00 | — | 0.00 | May 19, 2006 | Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which… | |||
| CVE-2006-1855 | 0.00 | — | 0.00 | May 18, 2006 | choose_new_parent in Linux kernel before 2.6.11.12 includes certain debugging code, which allows local users to cause a denial of service (panic) by causing certain circumstances involving termination of a parent process. | |||
| CVE-2006-1528 | 0.00 | — | 0.00 | May 18, 2006 | Linux kernel before 2.6.13 allows local users to cause a denial of service (crash) via a dio transfer from the sg driver to memory mapped (mmap) IO space. | |||
| CVE-2006-1859 | 0.00 | — | 0.00 | May 12, 2006 | Memory leak in __setlease in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (memory consumption) via unspecified actions related to an "uninitialised return value," aka "slab leak." | |||
| CVE-2006-1860 | 0.00 | — | 0.00 | May 12, 2006 | lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (fcntl_setlease lockup) via actions that cause lease_init to free a lock that might not have been allocated on the stack. | |||
| CVE-2006-2274 | 0.00 | — | 0.04 | May 9, 2006 | Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to… | |||
| CVE-2006-2271 | 0.00 | — | 0.04 | May 9, 2006 | The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via an unexpected chunk when the session is in CLOSED state. | |||
| CVE-2006-1052 | 0.00 | — | 0.00 | May 5, 2006 | The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows local users with ptrace permissions to change the tracer SID to an SID of another process. | |||
| CVE-2006-1527 | 0.00 | — | 0.04 | May 3, 2006 | The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the for_each_sctp_chunk function. | |||
| CVE-2006-2071 | 0.00 | — | 0.00 | Apr 27, 2006 | Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but… | |||
| CVE-2006-1863 | 0.00 | — | 0.01 | Apr 25, 2006 | Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1864. | |||
| CVE-2006-1056 | 0.00 | — | 0.00 | Apr 20, 2006 | The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine… | |||
| CVE-2006-1525 | 0.00 | — | 0.00 | Apr 19, 2006 | ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to cause a denial of service (panic) via a request for a route for a multicast IP address, which triggers a null dereference. | |||
| CVE-2006-1524 | 0.00 | — | 0.00 | Apr 19, 2006 | madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally… | |||
| CVE-2006-0744 | 0.00 | — | 0.00 | Apr 18, 2006 | Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS. |
- CVE-2006-2445Jun 23, 2006risk 0.00cvss —epss 0.00
Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.21 allows local users to cause a denial of service (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting.
- CVE-2006-2448Jun 23, 2006risk 0.00cvss —epss 0.00
Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory…
- CVE-2006-1862May 24, 2006risk 0.00cvss —epss 0.00
The virtual memory implementation in Linux kernel 2.6.x allows local users to cause a denial of service (panic) by running lsof a large number of times in a way that produces a heavy system load.
- CVE-2006-1858May 22, 2006risk 0.00cvss —epss 0.06
SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters.
- CVE-2006-1856May 19, 2006risk 0.00cvss —epss 0.03
Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions.
- CVE-2006-0039May 19, 2006risk 0.00cvss —epss 0.00
Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which…
- CVE-2006-1855May 18, 2006risk 0.00cvss —epss 0.00
choose_new_parent in Linux kernel before 2.6.11.12 includes certain debugging code, which allows local users to cause a denial of service (panic) by causing certain circumstances involving termination of a parent process.
- CVE-2006-1528May 18, 2006risk 0.00cvss —epss 0.00
Linux kernel before 2.6.13 allows local users to cause a denial of service (crash) via a dio transfer from the sg driver to memory mapped (mmap) IO space.
- CVE-2006-1859May 12, 2006risk 0.00cvss —epss 0.00
Memory leak in __setlease in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (memory consumption) via unspecified actions related to an "uninitialised return value," aka "slab leak."
- CVE-2006-1860May 12, 2006risk 0.00cvss —epss 0.00
lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (fcntl_setlease lockup) via actions that cause lease_init to free a lock that might not have been allocated on the stack.
- CVE-2006-2274May 9, 2006risk 0.00cvss —epss 0.04
Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to…
- CVE-2006-2271May 9, 2006risk 0.00cvss —epss 0.04
The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via an unexpected chunk when the session is in CLOSED state.
- CVE-2006-1052May 5, 2006risk 0.00cvss —epss 0.00
The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows local users with ptrace permissions to change the tracer SID to an SID of another process.
- CVE-2006-1527May 3, 2006risk 0.00cvss —epss 0.04
The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the for_each_sctp_chunk function.
- CVE-2006-2071Apr 27, 2006risk 0.00cvss —epss 0.00
Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but…
- CVE-2006-1863Apr 25, 2006risk 0.00cvss —epss 0.01
Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1864.
- CVE-2006-1056Apr 20, 2006risk 0.00cvss —epss 0.00
The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine…
- CVE-2006-1525Apr 19, 2006risk 0.00cvss —epss 0.00
ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to cause a denial of service (panic) via a request for a route for a multicast IP address, which triggers a null dereference.
- CVE-2006-1524Apr 19, 2006risk 0.00cvss —epss 0.00
madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally…
- CVE-2006-0744Apr 18, 2006risk 0.00cvss —epss 0.00
Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS.
Page 755 of 768