Vulnerabilities (CVE)

Filtered by vendor Suse Subscribe
Filtered by product Linux Enterprise Real Time Extension
Total 58 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8785 2 Linux, Suse 2 Linux Kernel, Linux Enterprise Real Time Extension 2025-04-12 4.9 MEDIUM 6.2 MEDIUM
The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
CVE-2014-4608 4 Canonical, Linux, Opensuse and 1 more 5 Ubuntu Linux, Linux Kernel, Opensuse and 2 more 2025-04-12 7.5 HIGH 7.3 HIGH
Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype.
CVE-2010-3067 5 Canonical, Debian, Linux and 2 more 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more 2025-04-11 4.9 MEDIUM N/A
Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call.
CVE-2010-2962 5 Canonical, Fedoraproject, Linux and 2 more 7 Ubuntu Linux, Fedora, Linux Kernel and 4 more 2025-04-11 7.2 HIGH N/A
drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations.
CVE-2010-4258 4 Fedoraproject, Linux, Opensuse and 1 more 7 Fedora, Linux Kernel, Opensuse and 4 more 2025-04-11 6.2 MEDIUM N/A
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call.
CVE-2010-4165 3 Linux, Opensuse, Suse 5 Linux Kernel, Opensuse, Linux Enterprise Desktop and 2 more 2025-04-11 4.9 MEDIUM N/A
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer.
CVE-2010-3301 3 Canonical, Linux, Suse 3 Ubuntu Linux, Linux Kernel, Linux Enterprise Real Time Extension 2025-04-11 7.2 HIGH N/A
The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.
CVE-2010-3297 5 Canonical, Debian, Linux and 2 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2025-04-11 2.1 LOW N/A
The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call.
CVE-2010-4162 4 Fedoraproject, Linux, Opensuse and 1 more 7 Fedora, Linux Kernel, Opensuse and 4 more 2025-04-11 4.7 MEDIUM N/A
Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device.
CVE-2010-3849 4 Canonical, Debian, Linux and 1 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2025-04-11 4.7 MEDIUM N/A
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.
CVE-2010-2955 4 Canonical, Linux, Opensuse and 1 more 6 Ubuntu Linux, Linux Kernel, Opensuse and 3 more 2025-04-11 2.1 LOW N/A
The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size.
CVE-2010-4078 4 Debian, Linux, Opensuse and 1 more 7 Debian Linux, Linux Kernel, Opensuse and 4 more 2025-04-11 1.9 LOW N/A
The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel before 2.6.36-rc6 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call.
CVE-2010-4083 4 Debian, Linux, Opensuse and 1 more 7 Debian Linux, Linux Kernel, Opensuse and 4 more 2025-04-11 1.9 LOW N/A
The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl system call.
CVE-2010-4080 4 Debian, Linux, Opensuse and 1 more 7 Debian Linux, Linux Kernel, Opensuse and 4 more 2025-04-11 2.1 LOW N/A
The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call.
CVE-2010-3442 6 Canonical, Debian, Fedoraproject and 3 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2025-04-11 4.7 MEDIUM N/A
Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.
CVE-2010-3848 4 Canonical, Debian, Linux and 1 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2025-04-11 6.9 MEDIUM N/A
Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures.
CVE-2010-3904 6 Canonical, Linux, Opensuse and 3 more 8 Ubuntu Linux, Linux Kernel, Opensuse and 5 more 2025-04-11 7.2 HIGH 7.8 HIGH
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
CVE-2010-4072 5 Canonical, Debian, Linux and 2 more 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more 2025-04-11 1.9 LOW N/A
The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."
CVE-2010-3298 5 Canonical, Debian, Linux and 2 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2025-04-11 2.1 LOW N/A
The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.
CVE-2010-3432 5 Canonical, Debian, Linux and 2 more 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more 2025-04-11 7.8 HIGH N/A
The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic.