Vulnerabilities > Linux > Linux Kernel > 2.6.15.5

DATE CVE VULNERABILITY TITLE RISK
2010-04-12 CVE-2010-1148 Null Pointer Dereference vulnerability in Linux Kernel
The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 and earlier allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a NULL nameidata (aka nd) field in a POSIX file-creation request to a server that supports UNIX extensions.
local
linux CWE-476
4.7
2010-04-06 CVE-2010-1085 Numeric Errors vulnerability in Linux Kernel
The azx_position_ok function in hda_intel.c in Linux kernel 2.6.33-rc4 and earlier, when running on the AMD780V chip set, allows context-dependent attackers to cause a denial of service (crash) via unknown manipulations that trigger a divide-by-zero error.
network
linux CWE-189
7.1
2010-04-06 CVE-2010-1083 Resource Management Errors vulnerability in Linux Kernel
The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory).
local
linux CWE-399
4.7
2010-03-31 CVE-2010-1188 Resource Management Errors vulnerability in Linux Kernel
Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not properly handled and causes the skb structure to be freed.
network
linux CWE-399
7.1
2010-03-19 CVE-2009-4271 Unspecified vulnerability in Linux Kernel
The Linux kernel 2.6.9 through 2.6.17 on the x86_64 and amd64 platforms allows local users to cause a denial of service (panic) via a 32-bit application that calls mprotect on its Virtual Dynamic Shared Object (VDSO) page and then triggers a segmentation fault.
local
linux
4.7
2010-03-16 CVE-2010-0727 Resource Management Errors vulnerability in multiple products
The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions.
local
low complexity
linux debian redhat CWE-399
4.9
2010-01-12 CVE-2009-4538 Remote Security Bypass vulnerability in Linux Kernel
drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.
network
low complexity
linux debian
critical
10.0
2010-01-12 CVE-2009-4537 Improper Input Validation vulnerability in Linux Kernel
drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register.
network
low complexity
linux debian CWE-20
7.8
2010-01-12 CVE-2009-4536 Numeric Errors vulnerability in Linux Kernel
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload.
network
low complexity
linux debian CWE-189
7.8
2009-12-13 CVE-2009-4306 Denial-Of-Service vulnerability in Linux Kernel
Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel 2.6.32-git6 and earlier allows local users to cause a denial of service (filesystem corruption) via unknown vectors, a different vulnerability than CVE-2009-4131.
local
low complexity
linux
4.9