CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2008-2372 – kernel: Reinstate ZERO_PAGE optimization in 'get_user_pages()' and fix XIP
https://notcve.org/view.php?id=CVE-2008-2372
02 Jul 2008 — The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages." El núcleo de Linux 2.6.24 y 2.6.25 versiones anteriores a 2.6.25.9 permite a usuarios locales provocar una denegación de servicio (consumo de memoria) a través de un número largo de llamadas a la función get_user_pages, la cual carece d... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=89f5b7da2a6bad2e84670422ab8192382a5aeb9f • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 157EXPL: 2CVE-2008-2365 – Linux Kernel 2.6.9 < 2.6.25 (RHEL 4) - utrace and ptrace Local Denial of Service
https://notcve.org/view.php?id=CVE-2008-2365
30 Jun 2008 — Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only... • https://www.exploit-db.com/exploits/31965 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 17%CPEs: 296EXPL: 0CVE-2008-2750
https://notcve.org/view.php?id=CVE-2008-2750
18 Jun 2008 — The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable. La función pppol2tp_recvmsg de drivers/net/pppol2tp.c en el kernel de Linux 2.6 anterior a 2.6.26-rc6, permite a atacantes remotos provocar una denegación de servicio (corrupción... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6b6707a50c7598a83820077393f8823ab791abf8 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 11%CPEs: 271EXPL: 0CVE-2008-1673
https://notcve.org/view.php?id=CVE-2008-1673
10 Jun 2008 — The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an in... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=33afb8403f361919aa5c8fe1d0a4f5ddbfbbea3c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 116EXPL: 1CVE-2008-2137
https://notcve.org/view.php?id=CVE-2008-2137
29 May 2008 — The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and the (2) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3, omit some virtual-address range (aka span) checks when the mmap MAP_FIXED bit is not set, which allows local users to cause a denial of service (panic) via unspecified mmap calls. Las funciones (1) sparc_mmap_check en arch/sparc/kernel/sys_sparc.c y (2) sparc64_mmap_check en arch/sparc64/kernel/sys_spar... • http://kerneltrap.org/mailarchive/git-commits-head/2008/5/8/1760604 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 82%CPEs: 7EXPL: 0CVE-2008-2136 – kernel: sit memory leak
https://notcve.org/view.php?id=CVE-2008-2136
16 May 2008 — Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count. Fugas de memoria en la función ip6_rcv de net/ipv6/sit.c en el núcleo de Linux versiones anteriores a 2.6.25.3 permite a atacantes remotos provoca... • http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3 • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2008-2148 – kernel: fix permission checking in sys_utimensat
https://notcve.org/view.php?id=CVE-2008-2148
12 May 2008 — The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to a denial of service. Una llamada de sistema utimensat (sys_utimensat) en el Kernel de Linux versión 2.6.22 y otras versiones anteriores a 2.6.25.3, no comprueba los permisos de los archivos cuando son usadas ciertas combinaciones UTI... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=f9dfda1ad0637a89a64d001cf81478bd8d9b6306 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 304EXPL: 0CVE-2008-1669 – kernel: add rcu_read_lock() to fcheck() in both dnotify, locks.c and fix fcntl store/load race in locks.c
https://notcve.org/view.php?id=CVE-2008-1669
08 May 2008 — Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table." El kernel de Linux en versiones posteriores a la 2.6.25.2, no aplica determinados mecanismos de protección para la funcionalidad fcntl, la cual permite a usuarios locales (1) ejecutar código en paralelo o (2) explotar una condición de carrera (race condition) para obt... • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.0EPSS: 0%CPEs: 14EXPL: 0CVE-2008-1375 – kernel: race condition in dnotify (local DoS, local roothole possible)
https://notcve.org/view.php?id=CVE-2008-1375
02 May 2008 — Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors. Una condición de carrera en el subsistema directory notification (dnotify) en el Kernel de Linux versiones 2.6.x anteriores a 2.6.24.6, y versiones 2.6.25 anteriores a 2.6.25.1, permite a usuarios locales causar una denegación de servicio (OOPS) y posiblemente alcanzar p... • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 221EXPL: 3CVE-2008-1675
https://notcve.org/view.php?id=CVE-2008-1675
02 May 2008 — The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory. La función bdx_ioctl_priv en el controlador tehuti (archivo tehuti.c) en el Kernel de Linux versiones 2.6.x anteriores a 2.6.25.1, no comprueba apropiadamente cierta información relacionada al tamaño del registro, que presenta un impac... • http://marc.info/?l=linux-kernel&m=120949204519706&w=2 • CWE-399: Resource Management Errors •