Все бюллетени/sisyphus/ALT-PU-2014-1422-2
ALT-PU-2014-1422-2

Обновление пакета kernel-image-std-def в ветке sisyphus

Версия3.12.15-alt1
Задание#117249
Опубликовано2026-02-04
Макс. серьёзностьCRITICAL
Серьёзность:

Закрытые проблемы (82)

BDU:2014-00087
MEDIUM4.7

Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать локальный отказ в обслуживании

Опубликовано: 2016-07-05Изменено: 2016-11-28
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
BDU:2014-00088
MEDIUM4.7

Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать локальный отказ в обслуживании

Опубликовано: 2016-07-05Изменено: 2016-11-28
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
BDU:2014-00089
LOW3.3

Уязвимость операционной системы Linux, приводящая к раскрытию информации

Опубликовано: 2016-07-05Изменено: 2021-08-19
CVSS 2.0НИЗКАЯ 3.3
CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:P/A:N
Ссылки
BDU:2014-00091
MEDIUM6.0

Уязвимость операционной системы Linux, позволяющая злоумышленнику получить доступ к конфиденциальной информации из памяти ядра

Опубликовано: 2016-07-05Изменено: 2016-11-28
CVSS 2.0СРЕДНЯЯ 6.0
CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:P/A:P
Ссылки
BDU:2014-00092
MEDIUM5.8

Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании

Опубликовано: 2016-07-05Изменено: 2016-11-28
CVSS 2.0СРЕДНЯЯ 5.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N
Ссылки
BDU:2014-00093
MEDIUM4.7

Уязвимость операционной системы Linux, позволяющая злоумышленнику повысить свои привилегии

Опубликовано: 2016-07-05Изменено: 2026-04-30
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
BDU:2014-00095
MEDIUM5.7

Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании

Опубликовано: 2016-07-05Изменено: 2026-04-30
CVSS 2.0СРЕДНЯЯ 5.7
CVSS:2.0/AV:A/AC:M/Au:N/C:N/I:N/A:C
Ссылки
BDU:2014-00096
MEDIUM4.7

Уязвимость операционной системы Linux, позволяющая злоумышленнику повысить свои привилегии

Опубликовано: 2016-07-05Изменено: 2026-04-30
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
BDU:2014-00098
MEDIUM4.0

Уязвимость операционной системы Linux, позволяющая злоумышленнику повысить свои привилегии

Опубликовано: 2016-07-05Изменено: 2016-11-28
CVSS 2.0СРЕДНЯЯ 4.0
CVSS:2.0/AV:L/AC:H/Au:N/C:N/I:N/A:C
Ссылки
BDU:2014-00100
MEDIUM4.9

Уязвимость операционной системы Linux, позволяющая злоумышленнику получить доступ к конфиденциальной информации из памяти ядра

Опубликовано: 2016-07-05Изменено: 2016-11-28
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:N
Ссылки
BDU:2014-00101
MEDIUM4.7

Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании

Опубликовано: 2016-07-05Изменено: 2016-11-28
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
BDU:2015-04307
CRITICAL10.0

Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Опубликовано: 2015-04-28Изменено: 2026-04-30
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
Ссылки
BDU:2015-04308
CRITICAL10.0

Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Опубликовано: 2015-04-28Изменено: 2016-11-28
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
Ссылки
BDU:2015-04309
CRITICAL10.0

Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Опубликовано: 2015-04-28Изменено: 2016-11-28
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
Ссылки
BDU:2015-04310
CRITICAL10.0

Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Опубликовано: 2015-04-28Изменено: 2016-11-28
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
Ссылки
BDU:2016-02003
MEDIUM4.3

Уязвимость операционной системы Android, позволяющая нарушителю получить конфиденциальную информацию

Опубликовано: 2016-08-31Изменено: 2021-03-23
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
Ссылки
BDU:2016-02026
CRITICAL9.3

Уязвимость операционной системы Android, позволяющая нарушителю повысить свои привилегии

Опубликовано: 2016-08-31Изменено: 2021-03-23
CVSS 2.0КРИТИЧЕСКАЯ 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C
Ссылки
BDU:2019-02779
MEDIUM5.5

Уязвимость функции memcpy_fromiovecend () ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2019-08-06Изменено: 2021-03-23
CVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
Ссылки
BDU:2021-01410
MEDIUM6.5

Уязвимость буфера сокета SCTP ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2021-03-21Изменено: 2024-05-31
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0СРЕДНЯЯ 6.1
CVSS:2.0/AV:A/AC:L/Au:N/C:N/I:N/A:C
Ссылки
BDU:2022-01630
MEDIUM5.5

Уязвимость модуля nf_tables подсистемы netfilter ядра операционных систем Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Опубликовано: 2022-03-31Изменено: 2024-09-13
CVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:N/A:N
Ссылки
CVE-2013-2888
MEDIUM6.2

Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.

Опубликовано: 2013-09-16Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 6.2
CVSS:2.0/AV:L/AC:H/Au:N/C:C/I:C/A:C
Ссылки
CVE-2013-2889
MEDIUM4.7

drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.

Опубликовано: 2013-09-16Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-2890
MEDIUM4.7

drivers/hid/hid-sony.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SONY is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.

Опубликовано: 2013-09-16Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-2891
MEDIUM4.7

drivers/hid/hid-steelseries.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_STEELSERIES is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.

Опубликовано: 2013-09-16Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-2892
MEDIUM4.7

drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.

Опубликовано: 2013-09-16Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-2893
MEDIUM4.7

The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c.

Опубликовано: 2013-09-16Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-2894
MEDIUM4.7

drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.

Опубликовано: 2013-09-16Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-2895
MEDIUM5.4

drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or obtain sensitive information from kernel memory via a crafted device.

Опубликовано: 2013-09-16Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 5.4
CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:N/A:C
Ссылки
CVE-2013-2896
MEDIUM4.7

drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.

Опубликовано: 2013-09-16Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-2897
MEDIUM4.7

Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device.

Опубликовано: 2013-09-16Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-2898
LOW1.9

drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device.

Опубликовано: 2013-09-16Изменено: 2026-04-29
CVSS 2.0НИЗКАЯ 1.9
CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:N/A:N
Ссылки
CVE-2013-2899
MEDIUM4.7

drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.

Опубликовано: 2013-09-16Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-2929
LOW3.3

The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h.

Опубликовано: 2013-12-09Изменено: 2026-04-29
CVSS 2.0НИЗКАЯ 3.3
CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:P/A:N
Ссылки
CVE-2013-2930
LOW3.6

The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application.

Опубликовано: 2013-12-09Изменено: 2026-04-29
CVSS 2.0НИЗКАЯ 3.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:N
Ссылки
CVE-2013-4270
LOW3.6

The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application.

Опубликовано: 2013-12-09Изменено: 2026-04-29
CVSS 2.0НИЗКАЯ 3.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:N
Ссылки
CVE-2013-4299
MEDIUM6.0

Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.

Опубликовано: 2013-10-24Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 6.0
CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:P/A:P
Ссылки
CVE-2013-4345
MEDIUM5.8

Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.

Опубликовано: 2013-10-10Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 5.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N
Ссылки
CVE-2013-4350
MEDIUM5.0

The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network.

Опубликовано: 2013-09-25Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
Ссылки
CVE-2013-4387
MEDIUM6.1

net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet.

Опубликовано: 2013-10-10Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 6.1
CVSS:2.0/AV:A/AC:L/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-4470
MEDIUM6.9

The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.

Опубликовано: 2013-11-04Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 6.9
CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:C
Ссылки
CVE-2013-4512
MEDIUM4.7

Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging root privileges for a write operation.

Опубликовано: 2013-11-12Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-4513
MEDIUM4.9

Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted write operation.

Опубликовано: 2013-11-12Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-4514
MEDIUM4.7

Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions.

Опубликовано: 2013-11-12Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-4515
MEDIUM4.9

The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call.

Опубликовано: 2013-11-12Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:N
Ссылки
CVE-2013-4516
MEDIUM4.9

The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.

Опубликовано: 2013-11-12Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:N
Ссылки
CVE-2013-4579
MEDIUM4.3

The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations.

Опубликовано: 2013-11-20Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
Ссылки
CVE-2013-6367
MEDIUM5.7

The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.

Опубликовано: 2013-12-14Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 5.7
CVSS:2.0/AV:A/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-6368
MEDIUM6.2

The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.

Опубликовано: 2013-12-14Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 6.2
CVSS:2.0/AV:L/AC:H/Au:N/C:C/I:C/A:C
Ссылки
CVE-2013-6376
MEDIUM5.2

The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode.

Опубликовано: 2013-12-14Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 5.2
CVSS:2.0/AV:A/AC:M/Au:S/C:N/I:N/A:C
Ссылки
CVE-2013-6378
MEDIUM4.4

The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation.

Опубликовано: 2013-11-27Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.4
CVSS:2.0/AV:L/AC:M/Au:S/C:N/I:N/A:C
Ссылки
CVE-2013-6380
MEDIUM4.7

The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command.

Опубликовано: 2013-11-27Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-6382
MEDIUM4.0

Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c.

Опубликовано: 2013-11-27Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.0
CVSS:2.0/AV:L/AC:H/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-6431
MEDIUM4.7

The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before 3.11.5 does not properly implement error-code encoding, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for an IPv6 SIOCADDRT ioctl call.

Опубликовано: 2013-12-09Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-6432
MEDIUM4.6

The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging unspecified privileges to execute a crafted application.

Опубликовано: 2013-12-09Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:C
Ссылки
CVE-2013-7026
MEDIUM4.7

Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted application that uses shmctl IPC_RMID operations in conjunction with other shm system calls.

Опубликовано: 2013-12-09Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-7027
MEDIUM6.1

The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header.

Опубликовано: 2013-12-09Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 6.1
CVSS:2.0/AV:A/AC:L/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-7263
MEDIUM4.9

The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.

Опубликовано: 2014-01-06Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:N
Ссылки
CVE-2013-7264
MEDIUM4.9

The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

Опубликовано: 2014-01-06Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:N
Ссылки
CVE-2013-7265
MEDIUM4.9

The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

Опубликовано: 2014-01-06Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:N
Ссылки
CVE-2013-7266
MEDIUM4.9

The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

Опубликовано: 2014-01-06Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:N
Ссылки
CVE-2013-7267
MEDIUM4.9

The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

Опубликовано: 2014-01-06Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:N
Ссылки
CVE-2013-7268
MEDIUM4.9

The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

Опубликовано: 2014-01-06Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:N
Ссылки
CVE-2013-7269
MEDIUM4.9

The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

Опубликовано: 2014-01-06Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:N
Ссылки
CVE-2013-7270
MEDIUM4.9

The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

Опубликовано: 2014-01-06Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:N
Ссылки
CVE-2013-7271
MEDIUM4.9

The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

Опубликовано: 2014-01-06Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:N
Ссылки
CVE-2013-7281
MEDIUM4.9

The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

Опубликовано: 2014-01-08Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:N
Ссылки
CVE-2013-7339
MEDIUM4.7

The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.

Опубликовано: 2014-03-24Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2013-7348
MEDIUM4.6

Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via vectors involving an error condition in the aio_setup_ring function.

Опубликовано: 2014-04-01Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:P
Ссылки
CVE-2013-7470
MEDIUM5.9

cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310.

Опубликовано: 2019-04-23Изменено: 2024-11-21
CVSS 2.0ВЫСОКАЯ 7.1
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS 3.xСРЕДНЯЯ 5.9
CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Ссылки
CVE-2014-1438
MEDIUM4.7

The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application.

Опубликовано: 2014-01-18Изменено: 2026-04-29
CVSS 2.0СРЕДНЯЯ 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2014-1444
LOW1.7

The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.

Опубликовано: 2014-01-18Изменено: 2026-04-29
CVSS 2.0НИЗКАЯ 1.7
CVSS:2.0/AV:L/AC:L/Au:S/C:P/I:N/A:N
Ссылки
CVE-2014-1445
LOW2.1

The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call.

Опубликовано: 2014-01-18Изменено: 2026-04-29
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N
Ссылки
CVE-2014-1446
LOW1.9

The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.

Опубликовано: 2014-01-18Изменено: 2026-04-29
CVSS 2.0НИЗКАЯ 1.9
CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:N/A:N
Ссылки
CVE-2014-1690
LOW2.6

The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature.

Опубликовано: 2014-02-28Изменено: 2026-04-29
CVSS 2.0НИЗКАЯ 2.6
CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N
Ссылки
CVE-2014-2672
HIGH7.1

Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions.

Опубликовано: 2014-04-01Изменено: 2025-04-12
CVSS 2.0ВЫСОКАЯ 7.1
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C
Ссылки
CVE-2014-3645
LOW2.1

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.

Опубликовано: 2014-11-10Изменено: 2025-04-12
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:P
Ссылки
CVE-2014-9870
HIGH7.8

The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044.

Опубликовано: 2016-08-06Изменено: 2025-04-12
CVSS 2.0КРИТИЧЕСКАЯ 9.3
CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Ссылки
CVE-2014-9895
MEDIUM5.5

drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28750150 and Qualcomm internal bug CR570757, a different vulnerability than CVE-2014-1739.

Опубликовано: 2016-08-06Изменено: 2025-04-12
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Ссылки
CVE-2018-14634
HIGH7.8

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.

Опубликовано: 2018-09-25Изменено: 2026-01-27
CVSS 2.0ВЫСОКАЯ 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ссылки
CVE-2018-16885
MEDIUM5.5

A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7.

Опубликовано: 2019-01-03Изменено: 2024-11-21
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Ссылки
CVE-2019-3874
MEDIUM6.5

The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.

Опубликовано: 2019-03-25Изменено: 2024-11-21
CVSS 2.0НИЗКАЯ 3.3
CVSS:2.0/AV:A/AC:L/Au:N/C:N/I:N/A:P
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ссылки
CVE-2022-1016
MEDIUM5.5

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.

Опубликовано: 2022-08-29Изменено: 2024-11-21
CVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Ссылки