Vulnerabilities > Linux > Linux Kernel > 3.2.80

DATE CVE VULNERABILITY TITLE RISK
2013-11-27 CVE-2013-6382 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel
Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c.
local
high complexity
linux CWE-119
4.0
2013-11-20 CVE-2013-4579 Cryptographic Issues vulnerability in Linux Kernel
The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations.
network
linux CWE-310
4.3
2013-10-24 CVE-2013-4299 Permissions, Privileges, and Access Controls vulnerability in Linux Kernel
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.
network
linux redhat CWE-264
6.0
2013-06-07 CVE-2013-2147 Resource Management Errors vulnerability in Linux Kernel
The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.
local
low complexity
linux suse CWE-399
2.1
2013-02-28 CVE-2013-0343 IPv6 Temporary Addresses Remote Security vulnerability in Linux Kernel
The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages.
high complexity
linux
3.2
2012-05-17 CVE-2012-2121 Permissions, Privileges, and Access Controls vulnerability in Linux Kernel
The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices.
local
low complexity
linux CWE-264
4.9
2012-05-17 CVE-2012-1601 Resource Management Errors vulnerability in Linux Kernel
The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.
local
low complexity
linux CWE-399
4.9