High

DATE	CVE	VULNERABILITY TITLE	RISK
2010-09-24	CVE-2010-3081	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010. local low complexity linux vmware suse CWE-119	7.8
2010-09-08	CVE-2010-2960	NULL Pointer Dereference vulnerability in multiple products The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function. local low complexity linux canonical suse CWE-476	7.8
2010-09-08	CVE-2010-2798	NULL Pointer Dereference vulnerability in multiple products The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c. local low complexity linux vmware canonical debian avaya opensuse suse CWE-476	7.8
2010-09-08	CVE-2010-2524	The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals. local low complexity linux vmware canonical suse	7.8
2010-09-08	CVE-2010-2492	Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors. local low complexity linux vmware avaya CWE-120	7.8
2010-05-07	CVE-2010-1437	Use After Free vulnerability in multiple products Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function. local high complexity linux opensuse suse debian CWE-416	7.0
2010-01-27	CVE-2009-4272	Improper Locking vulnerability in multiple products A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. network low complexity linux redhat CWE-667	7.5
2009-11-20	CVE-2009-4004	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc7 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a KVM_X86_SETUP_MCE IOCTL request that specifies a large number of Machine Check Exception (MCE) banks. local low complexity linux CWE-119	7.8
2009-11-16	CVE-2009-3939	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. local low complexity linux redhat canonical debian avaya suse opensuse CWE-732	7.1
2009-11-04	CVE-2009-3547	Operation on a Resource after Expiration or Release vulnerability in multiple products Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. local high complexity linux novell opensuse suse canonical fedoraproject vmware redhat CWE-672	7.0