VYPR

Linux Kernel

by Ubuntu

Source repositories

CVEs (1,433)

  • CVE-2014-6417Sep 28, 2014
    risk 0.00cvss epss 0.05

    net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth…

  • CVE-2014-6416Sep 28, 2014
    risk 0.00cvss epss 0.06

    Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket.

  • CVE-2013-2206Jul 4, 2013
    risk 0.00cvss epss 0.05

    The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service…

  • CVE-2013-2164Jul 4, 2013
    risk 0.00cvss epss 0.01

    The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.

  • CVE-2013-2148Jun 7, 2013
    risk 0.00cvss epss 0.00

    The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor.

  • CVE-2013-2147Jun 7, 2013
    risk 0.00cvss epss 0.00

    The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO…

  • CVE-2013-3235Apr 22, 2013
    risk 0.00cvss epss 0.00

    net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

  • CVE-2013-3234Apr 22, 2013
    risk 0.00cvss epss 0.00

    The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

  • CVE-2013-3229Apr 22, 2013
    risk 0.00cvss epss 0.00

    The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

  • CVE-2013-3228Apr 22, 2013
    risk 0.00cvss epss 0.00

    The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

  • CVE-2013-3227Apr 22, 2013
    risk 0.00cvss epss 0.00

    The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

  • CVE-2013-0914Mar 22, 2013
    risk 0.00cvss epss 0.00

    The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a…

  • CVE-2013-0913Mar 18, 2013
    risk 0.00cvss epss 0.01

    Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of…

  • CVE-2013-0343Feb 28, 2013
    risk 0.00cvss epss 0.02

    The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation…

  • CVE-2012-4542Feb 28, 2013
    risk 0.00cvss epss 0.00

    block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.

  • CVE-2013-0311Feb 22, 2013
    risk 0.00cvss epss 0.01

    The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges.

  • CVE-2013-0290Feb 19, 2013
    risk 0.00cvss epss 0.00

    The __skb_recv_datagram function in net/core/datagram.c in the Linux kernel before 3.8 does not properly handle the MSG_PEEK flag with zero-length data, which allows local users to cause a denial of service (infinite loop and system hang) via a crafted application.

  • CVE-2013-0871Feb 18, 2013
    risk 0.00cvss epss 0.01

    Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.

  • CVE-2012-4508Dec 21, 2012
    risk 0.00cvss epss 0.00

    Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.

  • CVE-2012-0045Jul 3, 2012
    risk 0.00cvss epss 0.01

    The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application, as…

Page 69 of 72