Vulnerabilities > Linux > Linux Kernel > 2.6.16.52

DATE CVE VULNERABILITY TITLE RISK
2008-09-29 CVE-2008-4302 Improper Locking vulnerability in multiple products
fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.
local
low complexity
linux debian redhat CWE-667
5.5
2008-09-04 CVE-2007-6716 fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test.
local
low complexity
linux canonical debian novell opensuse suse
5.5
2008-08-12 CVE-2008-3275 Classic Buffer Overflow vulnerability in multiple products
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories.
local
low complexity
linux debian canonical suse CWE-120
5.5
2008-08-08 CVE-2008-3535 Off-By-One Error vulnerability in Linux Kernel
Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by testcases/kernel/fs/ftest/ftest03 from the Linux Test Project.
local
low complexity
linux debian canonical CWE-193
4.9
2008-08-06 CVE-2008-3496 Classic Buffer Overflow vulnerability in Linux Kernel
Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors.
network
low complexity
linux CWE-120
critical
10.0
2008-07-09 CVE-2008-2931 Improper Privilege Management vulnerability in multiple products
The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.
local
low complexity
linux debian novell opensuse canonical CWE-269
7.8
2008-07-09 CVE-2008-2812 NULL Pointer Dereference vulnerability in multiple products
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
7.8
2008-05-16 CVE-2008-2136 Resource Management Errors vulnerability in multiple products
Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count.
network
low complexity
linux debian canonical CWE-399
7.8
2008-05-08 CVE-2008-1669 Race Condition vulnerability in Linux Kernel
Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table."
local
linux CWE-362
6.9
2008-05-02 CVE-2008-1675 Resource Management Errors vulnerability in Linux Kernel
The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory.
local
low complexity
linux CWE-399
7.2