Vulnerability & Exploit Database

Displaying entries 1 - 10 of 22 in total

Results for: CVE-2013-2892 Back to search

SUSE Linux Security Advisory: SUSE-SU-2014:1669-1 Vulnerability

  • Severity: 7
  • Published: December 17, 2014

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.

ELSA-2013-2585 Important: Oracle Linux unbreakable enterprise kernel security update Vulnerability

  • Severity: 6
  • Published: November 20, 2013

Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended attribute of a pathname on an NFSv4 filesy...

USN-2050-1: Linux kernel (OMAP4) vulnerabilities Vulnerability

  • Severity: 7
  • Published: November 04, 2013

The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and...

USN-1998-1: Linux kernel vulnerabilities Vulnerability

  • Severity: 7
  • Published: September 25, 2013

The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing.

USN-1995-1: Linux kernel (Raring HWE) vulnerabilities Vulnerability

  • Severity: 7
  • Published: September 25, 2013

The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing.

USN-2039-1: Linux kernel (OMAP4) vulnerabilities Vulnerability

  • Severity: 6
  • Published: September 16, 2013

Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.

USN-2038-1: Linux kernel vulnerabilities Vulnerability

  • Severity: 6
  • Published: September 16, 2013

Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.

USN-2024-1: Linux kernel (OMAP4) vulnerabilities Vulnerability

  • Severity: 6
  • Published: September 16, 2013

Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.

USN-2022-1: Linux kernel (OMAP4) vulnerabilities Vulnerability

  • Severity: 6
  • Published: September 16, 2013

Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.

USN-2021-1: Linux kernel vulnerabilities Vulnerability

  • Severity: 6
  • Published: September 16, 2013

Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.