Vulnerabilities > Linux > Linux Kernel > 2.6.16.24

DATE CVE VULNERABILITY TITLE RISK
2013-06-07 CVE-2013-2128 Resource Exhaustion vulnerability in Linux Kernel
The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice system call for a TCP socket.
local
low complexity
linux CWE-400
5.5
2013-04-13 CVE-2013-2596 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.
local
low complexity
linux motorola CWE-190
7.8
2013-03-01 CVE-2011-2479 Resource Management Errors vulnerability in Linux Kernel
The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application.
local
low complexity
linux CWE-399
5.5
2013-02-28 CVE-2013-0343 IPv6 Temporary Addresses Remote Security vulnerability in Linux Kernel
The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages.
high complexity
linux
3.2
2013-02-13 CVE-2013-0190 Improper Input Validation vulnerability in Linux Kernel
The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption.
local
low complexity
linux CWE-20
4.9
2012-10-03 CVE-2012-3552 Race Condition vulnerability in multiple products
Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic.
network
high complexity
linux redhat CWE-362
5.9
2012-05-24 CVE-2011-4081 NULL Pointer Dereference vulnerability in Linux Kernel
crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.
local
low complexity
linux CWE-476
5.5
2012-05-24 CVE-2011-3363 Improper Input Validation vulnerability in multiple products
The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.
low complexity
linux redhat CWE-20
6.5
2012-05-24 CVE-2011-3359 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux kernel before 2.6.39 does not properly allocate receive buffers, which allows remote attackers to cause a denial of service (system crash) via a crafted frame.
network
low complexity
linux CWE-119
7.5
2012-05-24 CVE-2011-3353 Classic Buffer Overflow vulnerability in Linux Kernel
Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem.
local
low complexity
linux CWE-120
5.5