David S. Miller

26 exploits, active since May 2012
CVE-2011-3188 (CRITICAL)
Linux Kernel < 3.1 - Denial of Service via Predictable IPv4/IPv6 Sequence Numbers
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.
CVSS 9.1
CVE-2012-6544
Linux Kernel < 3.6 - Information Disclosure via Bluetooth Stack
The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation.
CVE-2012-6545
Linux Kernel < 3.6 - Information Disclosure via Bluetooth RFCOMM
The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.
CVE-2015-3636
Linux Kernel < 4.0.3 - Use After Free
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
CVE-2016-7117 (CRITICAL)
Linux Kernel < 4.5.2 - Use-After-Free in __sys_recvmmsg Error Handling
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
CVSS 9.8
CVE-2016-8655 (HIGH)
AF_PACKET chocobo_root Privilege Escalation
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
CVSS 7.8
CVE-2017-7277 (HIGH)
Linux Kernel < 4.10.6 - Info Disclosure/DoS
The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c.
CVSS 7.1
CVE-2017-8890 (HIGH)
Linux Kernel < 3.2.89 - Double Free in inet_csk_clone_lock
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
CVSS 7.8
CVE-2013-1979
Linux Kernel < 3.8.11 - Privilege Escalation via Incorrect Credential Passing
The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application.
CVE-2013-2128 (MEDIUM)
Linux Kernel < 2.6.34 - Denial of Service via Crafted Splice System Call
The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice system call for a TCP socket.
CVSS 5.5
CVE-2013-3224
Linux Kernel < 3.9-rc7 - Info Disclosure
The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
CVE-2013-3226
Linux Kernel < 3.9-rc7 - Info Disclosure
The sco_sock_recvmsg function in net/bluetooth/sco.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
CVE-2013-4312 (MEDIUM)
Linux Kernel < 4.4.1 - Denial of Service via File Descriptor Exhaustion
The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
CVSS 6.2
CVE-2015-1465
Linux Kernel 3.10.50-3.10.69 - Denial of Service via IPv4 RCU Grace Period Mismanagement
The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets.
CVE-2015-5283
Linux Kernel < 4.2.2 - Denial of Service via SCTP Socket Initialization
The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished.
CVE-2016-3156 (MEDIUM)
Linux Kernel < 4.5.2 - Denial of Service via IPv4 Device Destruction
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
CVSS 5.5
CVE-2017-14106 (MEDIUM)
Linux Kernel < 4.11.12 - Denial of Service via tcp_disconnect Divide-By-Zero
The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path.
CVSS 5.5
CVE-2017-6348 (MEDIUM)
Linux Kernel < 4.9.13 - Denial of Service via IrDA Device Operations
The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices.
CVSS 5.5
CVE-2017-6353 (MEDIUM)
Linux Kernel < 4.10 - Denial of Service via SCTP Association Peel-Off
net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986.
CVSS 5.5
CVE-2017-9075 (HIGH)
Linux Kernel < 3.2.89 - Denial of Service in SCTP IPv6 Socket Inheritance
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
CVSS 7.8
CVE-2018-20511 (MEDIUM)
Linux Kernel < 4.18.11 - Authenticated Kernel Address Exposure via SIOCFINDIPDDPRT ioctl
An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.
CVSS 5.5
CVE-2019-19079 (HIGH)
Linux Kernel < 5.3 - Memory Leak in qrtr_tun_write_iter
A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19.
CVSS 7.5