Vulnerabilities > Linux > Linux Kernel > 2.6.30.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-11-16 | CVE-2009-3939 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. | 7.1 |
| 2009-11-04 | CVE-2009-3547 | Operation on a Resource after Expiration or Release vulnerability in multiple products Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. | 7.0 |
| 2009-10-22 | CVE-2009-3621 | Resource Exhaustion vulnerability in multiple products net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket. | 5.5 |
| 2009-10-22 | CVE-2009-3620 | Use of Uninitialized Resource vulnerability in multiple products The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. | 7.8 |
| 2009-08-14 | CVE-2009-2768 | NULL Pointer Dereference vulnerability in Linux Kernel The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an "uninitialized cred pointer." | 7.8 |
| 2009-08-14 | CVE-2009-2692 | Use of Uninitialized Resource vulnerability in multiple products The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket. | 7.8 |