Vulnerabilities > Linux > Linux Kernel > 2.6.20.10

DATE CVE VULNERABILITY TITLE RISK
2012-05-24 CVE-2011-3359 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux kernel before 2.6.39 does not properly allocate receive buffers, which allows remote attackers to cause a denial of service (system crash) via a crafted frame.
network
low complexity
linux CWE-119
7.5
2012-05-24 CVE-2011-3353 Classic Buffer Overflow vulnerability in Linux Kernel
Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem.
local
low complexity
linux CWE-120
5.5
2012-05-24 CVE-2011-3191 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory.
low complexity
linux redhat CWE-119
8.8
2012-05-24 CVE-2011-3188 The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.
network
low complexity
linux redhat f5
critical
9.1
2012-05-24 CVE-2011-2918 Resource Exhaustion vulnerability in Linux Kernel
The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application.
local
low complexity
linux CWE-400
5.5
2012-05-24 CVE-2011-2906 Resource Exhaustion vulnerability in Linux Kernel
Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or memory corruption) via a negative size value in an ioctl call.
local
low complexity
linux CWE-400
5.5
2012-05-24 CVE-2011-2898 Information Exposure vulnerability in Linux Kernel
net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application.
local
low complexity
linux CWE-200
5.5
2012-05-24 CVE-2011-2707 Information Exposure vulnerability in Linux Kernel
The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request.
local
low complexity
linux CWE-200
6.0
2012-05-24 CVE-2011-2699 The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.
network
low complexity
linux redhat
7.5
2012-05-17 CVE-2012-2121 Permissions, Privileges, and Access Controls vulnerability in Linux Kernel
The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices.
local
low complexity
linux CWE-264
4.9