Vulnerabilities > Linux > Linux Kernel

DATE CVE VULNERABILITY TITLE RISK
2009-08-14 CVE-2009-2768 NULL Pointer Dereference vulnerability in Linux Kernel
The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an "uninitialized cred pointer."
local
low complexity
linux CWE-476
7.8
2009-08-14 CVE-2009-2692 Use of Uninitialized Resource vulnerability in multiple products
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
local
low complexity
linux debian suse redhat CWE-908
7.8
2009-07-05 CVE-2009-1388 Improper Locking vulnerability in Linux Kernel 2.6.18
The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping thread.
local
low complexity
linux CWE-667
5.5
2009-06-08 CVE-2009-1961 Improper Locking vulnerability in multiple products
The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions.
local
high complexity
linux debian canonical opensuse suse CWE-667
4.7
2009-04-06 CVE-2009-1243 Improper Locking vulnerability in Linux Kernel
net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an unlocking step in certain incorrect circumstances, which allows local users to cause a denial of service (panic) by reading zero bytes from the /proc/net/udp file and unspecified other files, related to the "udp seq_file infrastructure."
local
low complexity
linux CWE-667
5.5
2009-03-18 CVE-2009-0935 Improper Locking vulnerability in Linux Kernel
The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, 2.6.28 to 2.6.28.2, and 2.6.29-rc3 allows local users to cause a denial of service (OOPS) via a read with an invalid address to an inotify instance, which causes the device's event list mutex to be unlocked twice and prevents proper synchronization of a data structure for the inotify instance.
local
low complexity
linux CWE-667
5.5
2008-09-29 CVE-2008-4302 Improper Locking vulnerability in multiple products
fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.
local
low complexity
linux debian redhat CWE-667
5.5
2008-09-04 CVE-2007-6716 fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test.
local
low complexity
linux canonical debian novell opensuse suse
5.5
2008-08-12 CVE-2008-3275 Classic Buffer Overflow vulnerability in multiple products
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories.
local
low complexity
linux debian canonical suse CWE-120
5.5
2008-07-09 CVE-2008-2931 Improper Privilege Management vulnerability in multiple products
The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.
local
low complexity
linux debian novell opensuse canonical CWE-269
7.8