CVE & Exploit Intelligence Database

CVE-2008-1294 EPSS 0.00

Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits.

CWE-399 May 02, 2008

CVE-2008-1375 EPSS 0.00

Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.

CWE-362 May 02, 2008

CVE-2008-1675 EPSS 0.00

The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory.

CWE-399 May 02, 2008

CVE-2008-1514 EPSS 0.00

arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions before 2.6.27-rc6, on s390 platforms allows local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite in 31-bit mode, which triggers an invalid dereference.

CWE-399 Mar 26, 2008

CVE-2008-0009 2 PoCs Analysis EPSS 0.01

The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.

CWE-20 Feb 12, 2008

CVE-2008-0600 EXPLOITED 2 PoCs Analysis EPSS 0.00

The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.

CWE-94 Feb 12, 2008

CVE-2008-0163 EPSS 0.00

Linux kernel 2.6, when using vservers, allows local users to access resources of other vservers via a symlink attack in /proc.

CWE-59 Feb 12, 2008

CVE-2008-0010 2 PoCs Analysis EPSS 0.00

The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations.

CWE-20 Feb 12, 2008

CVE-2008-0007 EPSS 0.00

Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset.

CWE-399 Feb 08, 2008

CVE-2007-4998 EPSS 0.00

cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.

CWE-59 Jan 31, 2008

CVE-2007-6694 EPSS 0.02

The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference.

CWE-399 Jan 29, 2008

CVE-2008-0352 1 PoC Analysis EPSS 0.06

The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram).

CWE-119 Jan 18, 2008

CVE-2008-0001 EPSS 0.00

VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.

Jan 15, 2008

CVE-2007-4567 1 PoC Analysis EPSS 0.05

The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet.

CWE-20 Dec 21, 2007

CVE-2007-5966 EPSS 0.00

Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information.

CWE-189 Dec 20, 2007

CVE-2007-6434 EPSS 0.00

Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmap_min_addr protection via a crafted executable file that calls the do_brk function.

CWE-264 Dec 18, 2007

CVE-2007-6417 EPSS 0.00

The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash).

CWE-399 Dec 18, 2007

CVE-2007-6151 EPSS 0.00

The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow.

CWE-119 Dec 15, 2007

CVE-2007-6206 EPSS 0.00

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.

CWE-200 Dec 04, 2007

CVE-2007-6063 EPSS 0.00

Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.

CWE-119 Nov 21, 2007