| | Linux kernel security vulnerabilities updated since 14.02.2013
|
 | | Privilege escalation, information leak. |
| | Linux kernel security vulnerabilities updated since 02.01.2013
|
 | | Invalid hot-added memory handling, information leakage on module loading, DoS. |
| 7! | Linux kernel IPv6 filtering bypass
|
 | | It's possible to bypass filtering with overlapping fragments. |
| | Linux security vulnerabilities
|
 | | Information leakage, DoS. |
| 6! | Linux kernel multiple security vulnerabilities
|
 | | DoS conditions, information leakage. |
| 7! | Linux kernel multiple security vulnerabilities
|
 | | Multiple DoS conditions, privilege escalation. |
| | Linux kernel multiple security vulnerabilities
|
 | | DoS, privilege escalation. |
| 6! | Linux kernel multiple security vulnerabilities updated since 14.05.2012
|
 | | DoS conditions, protection bypass, buffer overflow |
| 6! | Linux kernel multiple security vulnerabilities updated since 02.04.2012
|
 | | DoS, information leakage, privilege escalation. |
| | Linux kernel multiple security vulnerabilities
|
 | | LDM and NFSv4 file systems DoS, futexes privilege escalation. |
| 7! | Linux kernel multiple security vulnerabilities
|
 | | File systems privilege escalation, /proc privilege escalation, IGMP DoS. |
| 6! | Linux privilege escalation
|
 | | Under some conditions mem_write allows overwriting process memory. |
| 6! | Linux kernel multiple security vulnerabilities
|
 | | DoS conditions, information leaks, privilege escalation. |
| 6! | Linux kernel multiple security vulnerabilities
|
 | | Multiple DoS conditions. |
| 7! | Linux kernel multiple security vulnerabilities
|
 | | Multiple local DoS conditions, information leaks, IPv6 remote DoS, X.25 code execution. |
| 7! | Linux kernel security vulnerabilities
|
 | | Predictable TCP ISN numbers, CIFS client memory corruption. |
| | Linux kernel DoS
|
 | | Crash on BeFS filesystem parsing. |
| | Linux kernel multiple DoS conditions
|
 | | epoll() DoS conditions, tkill() privilege escalation, buffer overflows in bluetooth stack. |
| 7! | Linux kernel security vulnerabilities updated since 08.05.2011
|
 | | DoS via InfiniBand, DoS via InfiniBand disks, multiple DoS conditions, memory corruptions and information leaks, buffer overflow in IrDA, DoS via VLANs, CIFS authentication bypass, DoS via GRE. |
| | Linux kernel EFI/XFS DoS updated since 14.04.2011
|
 | | Buffer overflow on partition GUID parsing. |
| 8! | Linux kernel ICMP DoS
|
 | | Crash on ICMP handling may be blindly remotely exploited from spoofed addresses. |
| | libvirt protection bypass |
| | | |
| | Linux kernel multiple security vulnerabilities
|
 | | Privilege escalation, multiple information leaks. |
| | Linux partitions handling multiple security vulnerabilities
|
 | | Memory corruptions, information leaks, DoS. |
| 7! | Linux kernel multiple security vulnerabilities
|
 | | DoS via sendmsg, mprotect, setsockopt, Hypervisor/KVM etc, information leaks, privilege escalation. |
| | Linux privilege escalation
|
 | | It's possible to elevate privileges from CAP_SYS_ADMIN to root via Phonet protocol. |
| | Linux kernel multiple security vulnerabilities updated since 01.12.2010
|
 | | Multiple DoS conditions, privilege escalations, memory leaks from kernel memory, DoS via SCTP protocol, DoS via X.25. |
| | Linux kernel information leak
|
 | | It's possible to access uninitialized kernel memory by using BPF filters. |
| 6! | Linux kernel RDS protocol privilege escalation
|
 | | It's possible to overwrite kernel memory regions via recvmsg() for RDS protocol. |
| 6! | Linux kernel multiple security vulnerabilities updated since 11.09.2010
|
 | | DoS conditions, CIFS client privilege escalation, do_anonymous_page privilege escalation, information leak in XFS, privilege escalation in compat_alloc_user_space(). |
| 6! | Linux kernel multiple security vulnerabilities
|
 | | Information leaks, privilege escalations, DoS. |
| | Linux kernel privilege escalation
|
 | | Privilege escalation with wake_futex_pi function. |
| 9! | Linux kernel multiple security vulnerabilities
|
 | | DoS conditions, privilege escalations, kernel memory access, weak permissions. |
| 7! | Linux kernel multiple security vulnerabilities
|
 | | Crash on malformed IP packet defragmentation, privilege escalation with Ext4 "move extents" ioctl. |
| 6! | Linux kernel multiple security vulnerabilities
|
 | | Information leakage, DoS conditions, privilege escalation. |
| | kvm privilege escalation
|
 | | kvm_emulate_hypercall doesn't filter MMU hypercalls from ring 0. |
| 7! | Linux kernel uninitialized pointers updated since 14.08.2009
|
 | | proto_ops structure uninitialized pointers. |
| | Linux kernel DoS
|
 | | NULL pointer dereference on /dev/kvm call handling. |
| 6! | Linux eCryptfs buffer overflow
|
 | | Buffer overflows on parse_tag_11_packet and parse_tag_3_packet functions. |
| 7! | Linux kernel privilege escalation updated since 20.07.2009
|
 | | Error in NULL pointer dereference error handling. |
| 6! | Linux kernel multiple security vulnerabilities
|
 | | RTL8169 driver DoS, deadlock in inode processing code. |
| | Linux kernel DoS
|
 | | Deadlock on splice calls handling. |
| 6! | Linux kernel multiple security vulnerabilities
|
 | | CIFS client buffer overflow, Xen DoS, nfs4 files execution. |
| 7! | Linux kernel multiple security vulnerabilities
|
 | | Multiple DoS conditions, privilege escalations, information leaks and memory corruptions. |
| | Linux kernel multiple security vulnerabilities
|
 | | Unauthorized skfp_ioctl statistics reset, getsockopt() information leak. |
| | Linux kernel multiple security vulnerabilities
|
 | | Multiple DoS conditions. |
| | Linux kernel DoS
|
 | | Race conditions during socket message input/output processing on Unix sockets. |
| 6! | Linux kernel multiple security vulnerabilities updated since 09.12.2008
|
 | | Double listen() on the same socket causes creation of unassigned vcc table entry, which causes infinite loop in kernel on attempt to cat vc table. inotify subsystem race conditions allow privilege escalation, socket-related memory exhaustion. chip_command() NULL pointer dereference. HFS file system mounting buffer overflow. |
| 6! | Linux kernel multiple security vulnerabilities updated since 05.11.2008
|
 | | Buffer overflow on oversized ESSID in ndiswrapper. DoS with corrupted ext2 / ext3 filesystem. |
| | Linux kernel multiple security vulnerabilities
|
 | | Multiple DoS conditions |
| 6! | Linux kernel multiple security vulnerabilities updated since 14.10.2008 |
| | | |
| | Linux kernel multiple security vulnerabilities updated since 13.09.2008
|
 | | Multiple local DoS conditions, snd_seq_oss_synth_make_info() information leaks, integer overflows in DCCP and SCTP_AUTH_KEY. |
| 6! | Linux kernel multiple security vulnerabilities
|
 | | IPSec ESP packet parsing DoS, multiple local DoS conditions, kernel memory data leak, privilege escalation. |
| 8! | Linux kernel multiple security vulnerabilities
|
 | | Buffer overflow in CIFS and SNMP ASN.1 parsing code. Buffer overflow in DCCP. |
| | Linux kernel multiple security vulnerabilities
|
 | | fcntl() race conditions, tehuti driver privilege escalation. |
| | Linux multiple security vulnerabilities
|
 | | Memory leak in IPv6 over IPv4 tunnels, mmap DoS on the SPARC architecture, DoS on amd64 architecture, DoS with hrtimer integer overflow on 64bit architectures. |
| | Linux kernel DoS
|
 | | fcntl code race conditions. |
| 6! | Linux multiple security vulnerabilities
|
 | | Multiple DoS conditions and privilege escalation. |
| 6! | Linux kernel information leak
|
 | | Kernel memory access with fault handlers. |
| 7! | Linux kernel multiple security vulnerabilities updated since 11.02.2008
|
 | | Kernel memory access with vmsplice syscall, access between virtual machines with /proc |
| 6! | Linux kernel filesystem DoS
|
 | | Local user can corrupt filesystem. |
| 6! | Linux kernel IPv6 DoS
|
 | | Uninitialized memory reference. |
| 7! | Linux multiple security vulnerabilities
|
 | | DoS with minix filesystem, integer overflow in hrtimer subsystem, buffer overflow on ISDN IOCTL handling, invalid coredump files handling. |
| | Linux kernel hpet timers DoS |
| | | |
| | Linux multiple security vulnerabilities
|
 | | Integer overflow on IEEE 802.11 frame, DoS with minix filesystem. |
| 6! | Linux kernel multiple security vulnerabilities
|
 | | Multiple DoS conditions. |
| | Linux kernel JFFS2 filesystem permissions vulnerability
|
 | | New permissions are not saved to media, causing the use of older permissions on media remount. |
| | Linux kernel ALSA information leak
|
 | | snd_proc_mem_read returns uninitialized kernel memory data. |
| 6! | 64-bit Linux kernel privilege escalation
|
 | | Insufficient registry access validation on 32-bit syscalls emulation. |
| | Linux aacraid driver IOCTL privilege escalation
|
 | | Insufficient user's permissions check leads to denial of service conditions or privilege escalation. |
| 6! | Multiple Linux kernel vulnerabilities
|
 | | nf_conntrack_h323 NULL pointer dereference, invalid suid applications parent process termination signal handling, privilege escalation on Intel 965 chipset. |
| 6! | Linux kernel multiple security vulnerabilities updated since 19.07.2007
|
 | | DoS with cluster manager, DoS with usblcd driver, DoS with VFAT IOCTL. |
| 6! | Linux kernel multiple security vulnerabilities
|
 | | Kernel memory content leak in cpuset and setsockopt. Weak PRNG generator. GEODE-AES weak encryption key generation. |
| 6! | Array overflow in Linux kernel
|
 | | DecNET dn_fib_props() and TCP/IP fib_props() functions array index overflow. |
| | Linux netlink DoS
|
 | | Invalid processing of NETLINK_FIB_LOOKUP responses. |
| 6! | Linux and BSD based Unix system IPv6 traffic amplification
|
 | | IPv6 routing header allows setting a route so that a packet is transmitted multiple times over the same link. |
| | Linux AppleTalk DoS
|
 | | Denial of Service on AppleTalk frame parsing. |
| | Linux IPv6 socket double memory free vulnerability
|
 | | Double memory free in ipv6_fl_socklist. |
| 6! | Linux kernel DCCP information leak
|
 | | Integer overflow in getsockopt for SOL_DCCP gives ability to read content of kernel memory. |
| 6! | Linux netfilter multiple security vulnerabilities
|
 | | Protection bypass with fragmented IPv6 packets, denial of service. |
| | Linux setsockopt / getsockopt IPv6 DoS
|
 | | IPV6_RTHDR option with invalid value causes system crash. |
| 7! | Linux CAPI library buffer overflow
|
 | | Buffer overflow in debug printing function. |
| 6! | Linux SCSI devices unauthorized access
|
 | | pam module problem allows console users to access generic SCSI and pseudo-SCSI devices directly. |
| | Linux kernel privilege escalation updated since 11.11.2004
|
 | | Invalid exception conditions handling leads to multiple race conditions with privileged memory access. |
| 6! | Linux kernel keyctl DoS
|
 | | Race condition during unique key generation causes NULL pointer dereference on multiprocessor box. |
| | Multiple Linux kernel vulnerabilities
|
 | | Multiple DoS conditions in syscalls processing. |
| | Multiple Linux kernel security vulnerabilities
|
 | | IrDA TTP header buffer overflow. Tokenring memory corruption. do_coredump symbolic links problem. |
| | Linux Kernel Bluetooth CAPI DoS
|
 | | It's possible to overwrite internal kernel objects with CAPI message. |
| 6! | Linux kernel IPv6 filtering bypass
|
 | | It's possible to bypass filtering by using fragmented packets. |
| | Linux kernel DoS
|
 | | Special SO_LINGER value for SCTP socket causes system to crash. ELF loader vulnerability on 64-bit system causes system to crash on malformed ELF binary. |
| | Linux kernel ULE packet DoS
|
 | | Crash on receiving packet with zero SNDU length. |
| | Linux kernel UDF DoS
|
 | | System crash on connecting device (USB, CD-ROM) with invalid UDF filesystem. |
| 6! | Linux SCTP privilege escalation |
| | | |
| | Multiple Linux kernel DoS conditions
|
 | | DoS with SG driver, HID0[31] bit clearing problem on PPC970 processors. |
| 6! | Linux kernel procfs race conditions
|
 | | Privilege escalation is possible. |
| 7! | Linux coredump files privilege escalation
|
 | | Application can create coredump file in any directory by setting rlimits. |
| 6! | Linux / FreeBSD kernel SMBFS/CIFSFS chroot restriction bypass updated since 28.04.2006
|
 | | It's possible to traverse chroot directory. |
| 6! | Multiple Linux kernel security vulnerabilities
|
 | | sys_mbind() buffer overflow, SELinux module DoS, /sys filesystem DoS, amd64 debugging race conditions DoS, getsockopt() kernel memory content leak, ip_route_input() DoS. |
| | Linux kernel perfmon DoS
|
 | | Race conditions on mm_struct structure access. |
| | Linux kernel keyring DoS
|
 | | System crash on invalid __keyring_search_one() argument. |
| | Linux kernel sys_timer_create() DoS
|
 | | Creation of large number of timers causes memory exhaustion and system crash. |
| 7! | Linux kernel multiple vulnerabilities updated since 22.03.2006
|
 | | Integer overflow in netfilter's do_replace() function, memory corruption in usb/gadget driver. Kernel memory content leak through sockaddr_in.sin_zero. |
| | Linux kernel die_if_kernel() DoS
|
 | | DoS on Itanium platform. |
| 6! | Linux kernel ICMP DoS
|
 | | record-route or timestamp IP options handling vulnerability. |
| 6! | Linux kernel multiple DoS conditions
|
 | | Local DoS with netlink_rcv_skb(), few DoS conditions with PPTP NAT. |
| | BSD systems securelevel protection bypass updated since 09.01.2006
|
 | | By mounting a different filesystem it's possible to mask a file flagged 'immutable'. It's possible to roll back system time by setting it to maximum value. |
| 7! | Multiple Linux kernel vulnerabilities
|
 | | sendmsg() stack based buffer overflow, raw_sendmsg() kernel memory access, ipt_recent module DoS, fput() DoS on 64-bit platforms with 32-bit emulation, DRM debugging sensitive information access, Orinoco driver kernel memory access, AUDITSYSCALL memory leak, user's VT terminal access, ip_vs_conn_flush race conditions. |
| 7! | Multiple Linux kernel vulnerabilities
|
 | | NAT feature DoS, sys_get_thread_area() kernel memory content leak, ip_vs_conn_flush() race conditions, Posix timers DoS, rose_rt_ioctl() DoS. |
| | Linux IPv6 sockets DoS
|
 | | Endless loop is possible within udp_v6_get_port() function. |
| 6! | Linux kernel console keyboard mapping commands execution
|
 | | User can set keyboard mapping which will impact next users on this console. |
| | Ethernet frame padding information leakage updated since 08.01.2003
|
 | | Incorrect memory management means Ethernet frame padding bytes may contain sensitive information. |
| | Linux kernel memory leaks
|
 | | Memory leaks may potentially lead to DoS conditions. |
| 6! | Multiple Linux kernel vulnerabilities
|
 | | sys_set_mempolicy() negative argument DoS, race CLONE_VM DoS conditions, race TASK_TRACED state DoS conditions, ioremap amd64 platform memory access, HFS and HFS+ filesystem drivers DoS, remote ebtables netfilter module remote DoS on SMP platforms. |
| 7! | Multiple Linux kernel vulnerabilities updated since 10.09.2005
|
 | | Remote DoS with netfilter ipt_recent module. Privilege escalation with sendmsg() for amd64 platform. Reading kernel memory and IO ports with raw_sendmsg(). Memory leaks with procfs for SCSI drivers. USB DoS. |
| | Linux kernel fget() DoS
|
 | | sockfd_put() call is missing in routing_ioctl(), leading to resource consumption and system crash. |
| 6! | Multiple Linux kernel bugs |
| | | |
| 6! | Linux kernel multiple vulnerabilities
|
 | | Multiple DoS conditions, code execution while mounting compressed ISO file system, IPSec protection bypass by local user. |
| 6! | Linux NFS Network File System buffer overflow
|
 | | Buffer overflow on parsing nfsacl protocol XDR data. |
| | Linux kernel keyring management DoS
|
 | | System crash on attempt to delete uninstantiated keyring. Semaphore leakage on KEYCTL_JOIN_SESSION_KEYRING operation. |
| | Linux kernel XFRM array overflow |
| | | |
| 6! | Linux kernel ia32 compatibility for 64 bit platforms race conditions
|
 | | Race conditions with heap memory corruption in execve() syscall. |
| 6! | Multiple hardware platforms hyper threading technology systems information leak updated since 13.05.2005
|
 | | Unprivileged thread can read data from privileged thread memory from CPU cache memory. |
| 7! | Linux kernel msync race conditions
|
 | | Race conditions allow injecting a dynamic library into process space. |
| 7! | Multiple Linux kernel vulnerabilities
|
 | | DoS and possible code execution on invalid mmap() arguments, ptrace problem arises again on amd64 platform. |
| 6! | Linux kernel pktcdvd privilege escalation
|
 | | Rawdevice ioctl handler parameters are not checked. |
| 6! | Linux kernel coredump privilege escalation
|
 | | Bug in ELF format parsing leads to code execution. |
| | Linux kernel it87 and via686a drivers DoS
|
 | | Insecure permissions allow resource exhaustion. |
| | Linux kernel multiple vulnerabilities
|
 | | sysfs_write_file() integer overflow, futex functions DoS, ext3 and jfs race conditions. |
| | Linux kernel AIO DoS
|
 | | Call to io_queue_release() without call to io_queue_release() causes system crash on 64bit platforms (PPC64 and IA64). |
| 6! | Linux ext2 filesystem information leak
|
 | | During directory creation, random data from kernel memory is written to disk. |
| 7! | Multiple Linux Kernel vulnerabilities
|
 | | Privilege escalation with ATI Radeon drivers, remote denial of service with Netfilter. |
| 6! | Linux Kernel Bluetooth support integer overflow
|
 | | Integer overflow in socket call processing. |
| | Linux ISO9660 filesystem multiple memory corruptions
|
 | | Multiple bugs leading to memory corruptions. |
| 6! | Multiple Linux kernel security vulnerabilities
|
 | | Arbitrary process memory control, race conditions, buffer overflow, DoS, IP filtering bypass. |
| 9! | Linux kernel multiple bugs
|
 | | Race conditions in uselib() leading to possibility to overwrite kernel memory regions. Integer overflows in multiple drivers (random poolsize, scsi ioctl, moxa). RLIMIT_MEMLOCK protection bypass. mlockall DoS. Privilege escalation with race conditions on page fault with SMP platforms. |
| 7! | Multiple Linux kernel bugs updated since 15.12.2004
|
 | | DoS, privilege escalation, buffer overflow on 32bit calls emulation under 64bit platforms. |
| | Linux kernel Capability LSM privilege escalation
|
 | | Applications started before module load have elevated privileges. |
| | Linux kernel __scm_send DoS
|
 | | Race conditions leading to deadlock. |
| 6! | Multiple Linux kernel IGMP processing bugs
|
 | | DoS, kernel memory access. |
| | Multiple Linux smbfs bugs
|
 | | Multiple bugs on parsing server replies. |
| 6! | Linux iptables logging DoS
|
 | | Integer overflow causes kernel crash if logging is enabled. |
| 6! | Multiple Linux kernel bugs
|
 | | ReiserFS DoS, hugetlbfs protection bypass. |
| 6! | Linux kernel race conditions
|
 | | Race conditions on TIOCSETLD during read/write operation on same terminal can cause system to crash and potentially may lead to privilege escalation. |
| | Linux CD protection bypass
|
 | | User with read-only access can bypass these permissions and perform write and erase operations on media in a drive. |
| 6! | Linux kernel integer overflows
|
 | | Integer overflow on write() in kNFSd and XDR decoding. |
| | Linux kernel information leak
|
 | | /proc problems hit again |
| | Linux kernel integer types conversion problems.
|
 | | It's possible to access kernel memory because of integer conversion bug in 64bit file API (for example llseek). |
| 7! | Multiple Linux kernel bugs
|
 | | chown: users can change the group affiliation of arbitrary files to the group they belong to, missing DAC check in chown(2): local privilege escalation, overflow with signals: local denial-of-service, pss, mpu401 sound driver: read/write to complete memory, airo driver: read/write to complete memory, ALSA: copy_from_user/copy_to_user confused, acpi_asus: read from random memory, decnet: write to memory without checking, e1000 driver: read complete memory
|
| 6! | Linux TCP options signed/unsigned conversions DoS
|
 | | TCP option length over 127 bytes can cause infinite loop inside netfilter if options are used in filtering rules. |
| | Linux kernel floating point exception DoS
|
 | | Problem with floating point exceptions leads to unstable kernel state. |
| 6! | Linux kernel multiple bugs
|
 | | cpufreq privilege escalation, multiple SCSI drivers weak permissions. |
| 6! | Linux kernel in/out ports access
|
 | | Mask for input/output permissions is not cleared for child process. It may lead to unauthorized access to i/o ports. |
| 8! | Linux kernel ip_setsockopt integer overflow
|
 | | Integer overflow on MCAST_MSFILTER option processing. |
| | Linux threaded processes DoS
|
 | | SIGRT_1 signal can be delivered to an application, causing invalid handling of child threads termination. |
| 9! | Linux kernel mremap privilege escalation updated since 05.01.2004
|
 | | It's possible to map memory page of zero size causing memory corruption in kernel. |
| | smbmnt privilege escalation
|
 | | Few distributions have smbmnt installed suid root. It allows user to mount external drive and run any application as suid. |
| | |