Kernel
by Linux
Source repositories
CVEs (15,353)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-0535 | 0.00 | — | 0.00 | Aug 6, 2004 | The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources. | |||
| CVE-2004-0427 | 0.00 | — | 0.00 | Jul 7, 2004 | The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of… | |||
| CVE-2004-0178 | 0.00 | — | 0.00 | Jun 1, 2004 | The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes. | |||
| CVE-2004-0133 | 0.00 | — | 0.00 | Jun 1, 2004 | The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device. | |||
| CVE-2004-0181 | 0.00 | — | 0.00 | Jun 1, 2004 | The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device. | |||
| CVE-2004-0109 | 0.00 | — | 0.01 | Jun 1, 2004 | Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry. | |||
| CVE-2004-0177 | 0.00 | — | 0.03 | Jun 1, 2004 | The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by… | |||
| CVE-2003-1040 | 0.00 | — | 0.00 | Apr 15, 2004 | kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod. | |||
| CVE-2004-0075 | 0.00 | — | 0.00 | Mar 15, 2004 | The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service. | |||
| CVE-2004-0010 | 0.00 | — | 0.00 | Mar 3, 2004 | Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges. | |||
| CVE-2002-1574 | 0.00 | — | 0.00 | Mar 3, 2004 | Buffer overflow in the ixj telephony card driver in Linux before 2.4.20 has unknown impact and attack vectors. | |||
| CVE-2004-0003 | 0.00 | — | 0.00 | Mar 3, 2004 | Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking." | |||
| CVE-2004-2136 | 0.00 | — | 0.01 | Feb 19, 2004 | dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption. | |||
| CVE-2004-0058 | 0.00 | — | 0.00 | Feb 17, 2004 | Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local users to overwrite arbitrary files via a symlink attack on the .pid_antivir_$$ temporary file. | |||
| CVE-2004-0001 | 0.00 | — | 0.00 | Feb 17, 2004 | Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges. | |||
| CVE-2003-0984 | 0.00 | — | 0.00 | Jan 5, 2004 | Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space. | |||
| CVE-2003-0956 | 0.00 | — | 0.00 | Dec 31, 2003 | Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being read, which might allow… | |||
| CVE-2003-0986 | 0.00 | — | 0.00 | Dec 31, 2003 | Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service. | |||
| CVE-2003-1161 | 0.00 | — | 0.00 | Dec 31, 2003 | exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function. | |||
| CVE-2003-0959 | 0.00 | — | 0.02 | Dec 31, 2003 | Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allows attackers to cause a denial of service or gain root privileges via unspecified vectors that trigger copy_from_user function calls with improper length arguments. |
- CVE-2004-0535Aug 6, 2004risk 0.00cvss —epss 0.00
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
- CVE-2004-0427Jul 7, 2004risk 0.00cvss —epss 0.00
The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of…
- CVE-2004-0178Jun 1, 2004risk 0.00cvss —epss 0.00
The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes.
- CVE-2004-0133Jun 1, 2004risk 0.00cvss —epss 0.00
The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device.
- CVE-2004-0181Jun 1, 2004risk 0.00cvss —epss 0.00
The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device.
- CVE-2004-0109Jun 1, 2004risk 0.00cvss —epss 0.01
Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.
- CVE-2004-0177Jun 1, 2004risk 0.00cvss —epss 0.03
The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by…
- CVE-2003-1040Apr 15, 2004risk 0.00cvss —epss 0.00
kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod.
- CVE-2004-0075Mar 15, 2004risk 0.00cvss —epss 0.00
The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service.
- CVE-2004-0010Mar 3, 2004risk 0.00cvss —epss 0.00
Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges.
- CVE-2002-1574Mar 3, 2004risk 0.00cvss —epss 0.00
Buffer overflow in the ixj telephony card driver in Linux before 2.4.20 has unknown impact and attack vectors.
- CVE-2004-0003Mar 3, 2004risk 0.00cvss —epss 0.00
Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."
- CVE-2004-2136Feb 19, 2004risk 0.00cvss —epss 0.01
dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.
- CVE-2004-0058Feb 17, 2004risk 0.00cvss —epss 0.00
Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local users to overwrite arbitrary files via a symlink attack on the .pid_antivir_$$ temporary file.
- CVE-2004-0001Feb 17, 2004risk 0.00cvss —epss 0.00
Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges.
- CVE-2003-0984Jan 5, 2004risk 0.00cvss —epss 0.00
Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.
- CVE-2003-0956Dec 31, 2003risk 0.00cvss —epss 0.00
Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being read, which might allow…
- CVE-2003-0986Dec 31, 2003risk 0.00cvss —epss 0.00
Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service.
- CVE-2003-1161Dec 31, 2003risk 0.00cvss —epss 0.00
exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function.
- CVE-2003-0959Dec 31, 2003risk 0.00cvss —epss 0.02
Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allows attackers to cause a denial of service or gain root privileges via unspecified vectors that trigger copy_from_user function calls with improper length arguments.
Page 764 of 768