Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Linux_kernel
(Linux)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/mjg59/linux • https://github.com/stoth68000/media-tree • https://github.com/acpica/acpica • https://github.com/derrekr/android_security |
| #Vulnerabilities | 7191 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-08-31 | CVE-2015-5706 | Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation. | Ubuntu_linux, Debian_linux, Linux_kernel | N/A | ||
| 2014-11-10 | CVE-2014-8559 | The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application. | Ubuntu_linux, Linux_kernel, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Evergreen, Opensuse, Linux, Linux_enterprise_real_time_extension, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server | N/A | ||
| 2019-12-03 | CVE-2019-19529 | In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41. | Ubuntu_linux, Linux_kernel | N/A | ||
| 2011-04-04 | CVE-2011-1083 | The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls. | Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_server | N/A | ||
| 2011-02-28 | CVE-2011-1020 | The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls. | Linux_kernel | N/A | ||
| 2011-03-15 | CVE-2011-0695 | Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference. | Ubuntu_linux, Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_workstation | N/A | ||
| 2010-12-29 | CVE-2010-4565 | The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename. | Linux_kernel | N/A | ||
| 2010-09-08 | CVE-2010-2960 | The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function. | Ubuntu_linux, Linux_kernel, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | N/A | ||
| 2019-11-21 | CVE-2019-19036 | btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero. | Linux_kernel | N/A | ||
| 2017-02-14 | CVE-2017-5972 | The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code. | Linux_kernel | N/A |