Vulnerabilities > Linux > Linux Kernel > 3.0.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-06-07 | CVE-2013-2147 | Resource Management Errors vulnerability in Linux Kernel The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. | 2.1 |
2013-04-13 | CVE-2013-2596 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program. | 7.8 |
2013-02-28 | CVE-2013-1772 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel The log_prefix function in kernel/printk.c in the Linux kernel 3.x before 3.4.33 does not properly remove a prefix string from a syslog header, which allows local users to cause a denial of service (buffer overflow and system crash) by leveraging /dev/kmsg write access and triggering a call_console_drivers function call. | 4.0 |
2013-02-28 | CVE-2013-0343 | IPv6 Temporary Addresses Remote Security vulnerability in Linux Kernel The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages. high complexity linux | 3.2 |
2013-02-18 | CVE-2013-0160 | Information Exposure vulnerability in Linux Kernel The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. | 2.1 |
2013-02-18 | CVE-2012-4398 | Improper Input Validation vulnerability in Linux Kernel The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application. | 4.9 |
2012-05-24 | CVE-2011-4081 | NULL Pointer Dereference vulnerability in Linux Kernel crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket. | 5.5 |
2012-05-24 | CVE-2011-3353 | Classic Buffer Overflow vulnerability in Linux Kernel Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem. | 5.5 |
2012-05-24 | CVE-2011-3188 | The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets. | 9.1 |
2012-05-24 | CVE-2011-2918 | Resource Exhaustion vulnerability in Linux Kernel The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application. | 5.5 |