Kernel
by Linux
Source repositories
CVEs (15,793)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-0658 | 0.00 | — | 0.00 | Aug 6, 2004 | Integer overflow in the hpsb_alloc_packet function (incorrectly reported as alloc_hpsb_packet) in IEEE 1394 (Firewire) driver 2.4 and 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via the functions (1) raw1394_write, (2)… | |||
| CVE-2004-0427 | 0.00 | — | 0.00 | Jul 7, 2004 | The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of… | |||
| CVE-2004-0133 | 0.00 | — | 0.00 | Jun 1, 2004 | The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device. | |||
| CVE-2004-0109 | 0.00 | — | 0.01 | Jun 1, 2004 | Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry. | |||
| CVE-2004-0181 | 0.00 | — | 0.00 | Jun 1, 2004 | The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device. | |||
| CVE-2004-0177 | 0.00 | — | 0.03 | Jun 1, 2004 | The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by… | |||
| CVE-2004-0178 | 0.00 | — | 0.00 | Jun 1, 2004 | The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes. | |||
| CVE-2003-1040 | 0.00 | — | 0.00 | Apr 15, 2004 | kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod. | |||
| CVE-2004-0075 | 0.00 | — | 0.00 | Mar 15, 2004 | The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service. | |||
| CVE-2004-0010 | 0.00 | — | 0.00 | Mar 3, 2004 | Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges. | |||
| CVE-2004-0003 | 0.00 | — | 0.00 | Mar 3, 2004 | Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking." | |||
| CVE-2002-1574 | 0.00 | — | 0.00 | Mar 3, 2004 | Buffer overflow in the ixj telephony card driver in Linux before 2.4.20 has unknown impact and attack vectors. | |||
| CVE-2004-2136 | 0.00 | — | 0.01 | Feb 19, 2004 | dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption. | |||
| CVE-2004-0058 | 0.00 | — | 0.00 | Feb 17, 2004 | Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local users to overwrite arbitrary files via a symlink attack on the .pid_antivir_$$ temporary file. | |||
| CVE-2004-0001 | 0.00 | — | 0.00 | Feb 17, 2004 | Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges. | |||
| CVE-2003-0984 | 0.00 | — | 0.00 | Jan 5, 2004 | Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space. | |||
| CVE-2003-0959 | 0.00 | — | 0.02 | Dec 31, 2003 | Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allows attackers to cause a denial of service or gain root privileges via unspecified vectors that trigger copy_from_user function calls with improper length arguments. | |||
| CVE-2003-0986 | 0.00 | — | 0.00 | Dec 31, 2003 | Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service. | |||
| CVE-2003-0956 | 0.00 | — | 0.00 | Dec 31, 2003 | Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being read, which might allow… | |||
| CVE-2003-1161 | 0.00 | — | 0.00 | Dec 31, 2003 | exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function. |
- CVE-2004-0658Aug 6, 2004risk 0.00cvss —epss 0.00
Integer overflow in the hpsb_alloc_packet function (incorrectly reported as alloc_hpsb_packet) in IEEE 1394 (Firewire) driver 2.4 and 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via the functions (1) raw1394_write, (2)…
- CVE-2004-0427Jul 7, 2004risk 0.00cvss —epss 0.00
The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of…
- CVE-2004-0133Jun 1, 2004risk 0.00cvss —epss 0.00
The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device.
- CVE-2004-0109Jun 1, 2004risk 0.00cvss —epss 0.01
Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.
- CVE-2004-0181Jun 1, 2004risk 0.00cvss —epss 0.00
The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device.
- CVE-2004-0177Jun 1, 2004risk 0.00cvss —epss 0.03
The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by…
- CVE-2004-0178Jun 1, 2004risk 0.00cvss —epss 0.00
The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes.
- CVE-2003-1040Apr 15, 2004risk 0.00cvss —epss 0.00
kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod.
- CVE-2004-0075Mar 15, 2004risk 0.00cvss —epss 0.00
The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service.
- CVE-2004-0010Mar 3, 2004risk 0.00cvss —epss 0.00
Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges.
- CVE-2004-0003Mar 3, 2004risk 0.00cvss —epss 0.00
Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."
- CVE-2002-1574Mar 3, 2004risk 0.00cvss —epss 0.00
Buffer overflow in the ixj telephony card driver in Linux before 2.4.20 has unknown impact and attack vectors.
- CVE-2004-2136Feb 19, 2004risk 0.00cvss —epss 0.01
dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.
- CVE-2004-0058Feb 17, 2004risk 0.00cvss —epss 0.00
Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local users to overwrite arbitrary files via a symlink attack on the .pid_antivir_$$ temporary file.
- CVE-2004-0001Feb 17, 2004risk 0.00cvss —epss 0.00
Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges.
- CVE-2003-0984Jan 5, 2004risk 0.00cvss —epss 0.00
Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.
- CVE-2003-0959Dec 31, 2003risk 0.00cvss —epss 0.02
Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allows attackers to cause a denial of service or gain root privileges via unspecified vectors that trigger copy_from_user function calls with improper length arguments.
- CVE-2003-0986Dec 31, 2003risk 0.00cvss —epss 0.00
Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service.
- CVE-2003-0956Dec 31, 2003risk 0.00cvss —epss 0.00
Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being read, which might allow…
- CVE-2003-1161Dec 31, 2003risk 0.00cvss —epss 0.00
exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function.
Page 786 of 790