Vulnerabilities > Linux > Linux Kernel > 2.6.21.5

DATE CVE VULNERABILITY TITLE RISK
2008-08-06 CVE-2008-3496 Classic Buffer Overflow vulnerability in Linux Kernel
Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors.
network
low complexity
linux CWE-120
critical
10.0
2008-07-09 CVE-2008-2931 Improper Privilege Management vulnerability in multiple products
The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.
local
low complexity
linux debian novell opensuse canonical CWE-269
7.8
2008-07-09 CVE-2008-2812 NULL Pointer Dereference vulnerability in multiple products
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
7.8
2008-05-16 CVE-2008-2136 Resource Management Errors vulnerability in multiple products
Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count.
network
low complexity
linux debian canonical CWE-399
7.8
2008-05-02 CVE-2008-1675 Resource Management Errors vulnerability in Linux Kernel
The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory.
local
low complexity
linux CWE-399
7.2
2008-05-02 CVE-2008-1375 Race Condition vulnerability in multiple products
Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.
6.9
2008-02-08 CVE-2008-0007 Resource Management Errors vulnerability in Linux Kernel
Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset.
local
low complexity
linux CWE-399
7.2
2007-09-14 CVE-2007-3740 Permissions, Privileges, and Access Controls vulnerability in Linux Kernel
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.
local
linux CWE-264
4.4
2007-08-13 CVE-2007-3851 Resource Management Errors vulnerability in Linux Kernel
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer.
local
high complexity
linux intel CWE-399
6.0
2007-07-10 CVE-2007-3107 Local Denial of Service vulnerability in Linux PowerPC Kernel Restore_Sigcontext
The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to clearing of MSR bits.
local
low complexity
linux
2.1