Vulnerabilities > Linux > Linux Kernel > 2.6.23.5

DATE CVE VULNERABILITY TITLE RISK
2011-07-18 CVE-2010-4656 Out-of-bounds Write vulnerability in multiple products
The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report.
local
low complexity
linux canonical CWE-787
7.8
2011-07-18 CVE-2010-4655 Improper Initialization vulnerability in multiple products
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call.
local
low complexity
linux vmware canonical CWE-665
5.5
2011-06-24 CVE-2011-2484 Resource Management Errors vulnerability in Linux Kernel
The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application.
local
low complexity
linux CWE-399
4.9
2011-06-24 CVE-2011-1770 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read.
network
low complexity
linux fedoraproject CWE-191
7.5
2011-06-22 CVE-2011-2534 Classic Buffer Overflow vulnerability in Linux Kernel
Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before 2.6.39 might allow local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\0' character.
local
low complexity
linux CWE-120
7.8
2011-05-26 CVE-2010-4805 Resource Exhaustion vulnerability in multiple products
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field.
network
low complexity
linux redhat CWE-400
7.5
2011-05-26 CVE-2010-4251 Resource Exhaustion vulnerability in multiple products
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests.
network
low complexity
linux vmware redhat CWE-400
7.5
2011-05-03 CVE-2011-1577 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel
Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media.
local
low complexity
linux CWE-119
4.9
2011-04-04 CVE-2011-1083 Resource Exhaustion vulnerability in multiple products
The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
local
low complexity
linux suse redhat CWE-400
4.9
2011-03-15 CVE-2011-0695 Race Condition vulnerability in multiple products
Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference.
5.7