Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Linux_kernel
(Linux)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/mjg59/linux • https://github.com/stoth68000/media-tree • https://github.com/acpica/acpica • https://github.com/derrekr/android_security |
| #Vulnerabilities | 7193 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2010-12-06 | CVE-2010-3066 | The io_submit_one function in fs/aio.c in the Linux kernel before 2.6.23 allows local users to cause a denial of service (NULL pointer dereference) via a crafted io_submit system call with an IOCB_FLAG_RESFD flag. | Linux_kernel | N/A | ||
| 2010-11-22 | CVE-2010-3432 | The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic. | Ubuntu_linux, Debian_linux, Linux_kernel, Opensuse, Linux_enterprise_real_time_extension | N/A | ||
| 2010-11-22 | CVE-2010-4165 | The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer. | Linux_kernel, Opensuse, Linux_enterprise_desktop, Linux_enterprise_real_time_extension, Linux_enterprise_server | N/A | ||
| 2010-11-22 | CVE-2010-4169 | Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call. | Fedora, Linux_kernel, Opensuse, Linux_enterprise_desktop, Linux_enterprise_real_time_extension, Linux_enterprise_server | N/A | ||
| 2010-11-26 | CVE-2010-3698 | The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service (host OS crash) via a KVM_RUN ioctl call in conjunction with a modified Local Descriptor Table (LDT). | Fedora, Linux_kernel | N/A | ||
| 2010-11-26 | CVE-2010-3705 | The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel | N/A | ||
| 2010-11-29 | CVE-2010-4249 | The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets. | Fedora, Linux_kernel | N/A | ||
| 2010-11-30 | CVE-2010-3858 | The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240. | Ubuntu_linux, Debian_linux, Linux_kernel | N/A | ||
| 2010-11-30 | CVE-2010-4248 | Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader in the de_thread function in fs/exec.c. | Linux_kernel | N/A | ||
| 2010-12-10 | CVE-2010-3861 | The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value, a different vulnerability than CVE-2010-2478. | Ubuntu_linux, Linux_kernel, Opensuse, Linux_enterprise_desktop, Linux_enterprise_real_time_extension, Linux_enterprise_server | N/A |