Vulnerabilities > Linux > Linux Kernel > 2.4.17

DATE CVE VULNERABILITY TITLE RISK
2010-05-07 CVE-2010-1451 Out-Of-Bounds Write vulnerability in multiple products
The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Linux kernel before 2.6.33 on the SPARC platform does not properly obtain the value of a certain _PAGE_EXEC_4U bit and consequently does not properly implement a non-executable stack, which makes it easier for context-dependent attackers to exploit stack-based buffer overflows via a crafted application.
local
low complexity
linux debian CWE-787
2.1
2010-05-07 CVE-2010-1437 Use After Free vulnerability in multiple products
Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function.
local
high complexity
linux opensuse suse debian CWE-416
7.0
2010-04-12 CVE-2010-1146 Permissions, Privileges, and Access Controls vulnerability in Linux Kernel
The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonstrated by deleting a file under .reiserfs_priv/xattrs/.
local
linux CWE-264
6.9
2010-04-12 CVE-2010-1148 Null Pointer Dereference vulnerability in Linux Kernel
The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 and earlier allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a NULL nameidata (aka nd) field in a POSIX file-creation request to a server that supports UNIX extensions.
local
linux CWE-476
4.7
2010-04-06 CVE-2010-1085 Numeric Errors vulnerability in Linux Kernel
The azx_position_ok function in hda_intel.c in Linux kernel 2.6.33-rc4 and earlier, when running on the AMD780V chip set, allows context-dependent attackers to cause a denial of service (crash) via unknown manipulations that trigger a divide-by-zero error.
network
linux CWE-189
7.1
2010-04-06 CVE-2010-1083 Resource Management Errors vulnerability in Linux Kernel
The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory).
local
linux CWE-399
4.7
2010-03-16 CVE-2010-0727 Resource Management Errors vulnerability in multiple products
The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions.
local
low complexity
linux debian redhat CWE-399
4.9
2010-01-12 CVE-2009-4538 Remote Security Bypass vulnerability in Linux Kernel
drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.
network
low complexity
linux debian
critical
10.0
2010-01-12 CVE-2009-4537 Improper Input Validation vulnerability in Linux Kernel
drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register.
network
low complexity
linux debian CWE-20
7.8
2010-01-12 CVE-2009-4536 Numeric Errors vulnerability in Linux Kernel
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload.
network
low complexity
linux debian CWE-189
7.8