Product:

Linux_kernel

(Linux)
Repositories https://github.com/torvalds/linux
https://github.com/mjg59/linux
https://github.com/stoth68000/media-tree
https://github.com/acpica/acpica
https://github.com/derrekr/android_security
#Vulnerabilities 7193
Date Id Summary Products Score Patch Annotated
2014-06-25 CVE-2014-0206 Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value. Linux_kernel N/A
2014-09-01 CVE-2014-3601 The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. Ubuntu_linux, Linux_kernel, Evergreen, Linux_enterprise_real_time_extension, Linux_enterprise_server, Suse_linux_enterprise_server N/A
2014-09-28 CVE-2012-6657 The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket. Linux_kernel, Suse_linux_enterprise_server N/A
2014-09-28 CVE-2014-0205 The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that triggers a zero count. Linux_kernel N/A
2014-09-28 CVE-2014-3535 include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface. Linux_kernel N/A
2014-11-10 CVE-2014-3645 arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. Linux_kernel N/A
2014-11-10 CVE-2014-3610 The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. Ubuntu_linux, Debian_linux, Linux_kernel, Evergreen, Suse_linux_enterprise_server 5.5
2014-11-10 CVE-2014-3611 Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation. Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux 4.7
2014-11-10 CVE-2014-3647 arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. Ubuntu_linux, Debian_linux, Linux_kernel, Evergreen, Linux, Enterprise_linux, Suse_linux_enterprise_server 5.5
2014-11-10 CVE-2014-3646 arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. Ubuntu_linux, Debian_linux, Linux_kernel, Evergreen, Enterprise_linux, Suse_linux_enterprise_server 5.5