Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2006-1342

Summary
Assigner-sgi
Assigner Org ID-bc94ec7e-8909-4cbb-83df-d2fc9330fa88
Published At-21 Mar, 2006 | 18:00
Updated At-07 Aug, 2024 | 17:12
Rejected At-
Credits

net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:sgi
Assigner Org ID:bc94ec7e-8909-4cbb-83df-d2fc9330fa88
Published At:21 Mar, 2006 | 18:00
Updated At:07 Aug, 2024 | 17:12
Rejected At:
â–¼CVE Numbering Authority (CNA)

net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git%3Ba=commit%3Bh=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/4502
vdb-entry
x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2006-0579.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/22875
third-party-advisory
x_refsource_SECUNIA
http://www.vmware.com/download/esx/esx-202-200610-patch.html
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/451426/100/200/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/21035
third-party-advisory
x_refsource_SECUNIA
http://www.vmware.com/download/esx/esx-213-200610-patch.html
x_refsource_CONFIRM
http://www.novell.com/linux/security/advisories/2006-05-31.html
vendor-advisory
x_refsource_SUSE
http://www.redhat.com/support/errata/RHSA-2006-0580.html
vendor-advisory
x_refsource_REDHAT
http://www.vmware.com/download/esx/esx-254-200610-patch.html
x_refsource_CONFIRM
http://secunia.com/advisories/19357
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/451404/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/20398
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/451417/100/200/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/17203
vdb-entry
x_refsource_BID
http://www.securityfocus.com/archive/1/451419/100/200/threaded
mailing-list
x_refsource_BUGTRAQ
http://marc.info/?l=linux-netdev&m=114148078223594&w=2
mailing-list
x_refsource_MLIST
Hyperlink: http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git%3Ba=commit%3Bh=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2006/4502
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0579.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/22875
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vmware.com/download/esx/esx-202-200610-patch.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/archive/1/451426/100/200/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/21035
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vmware.com/download/esx/esx-213-200610-patch.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.novell.com/linux/security/advisories/2006-05-31.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0580.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.vmware.com/download/esx/esx-254-200610-patch.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/19357
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/451404/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/20398
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/451417/100/200/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/bid/17203
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securityfocus.com/archive/1/451419/100/200/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://marc.info/?l=linux-netdev&m=114148078223594&w=2
Resource:
mailing-list
x_refsource_MLIST
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git%3Ba=commit%3Bh=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2006/4502
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.redhat.com/support/errata/RHSA-2006-0579.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/22875
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vmware.com/download/esx/esx-202-200610-patch.html
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/archive/1/451426/100/200/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/21035
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vmware.com/download/esx/esx-213-200610-patch.html
x_refsource_CONFIRM
x_transferred
http://www.novell.com/linux/security/advisories/2006-05-31.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.redhat.com/support/errata/RHSA-2006-0580.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.vmware.com/download/esx/esx-254-200610-patch.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/19357
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/451404/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/20398
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/451417/100/200/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/bid/17203
vdb-entry
x_refsource_BID
x_transferred
http://www.securityfocus.com/archive/1/451419/100/200/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://marc.info/?l=linux-netdev&m=114148078223594&w=2
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git%3Ba=commit%3Bh=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/4502
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0579.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/22875
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vmware.com/download/esx/esx-202-200610-patch.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/451426/100/200/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/21035
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vmware.com/download/esx/esx-213-200610-patch.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.novell.com/linux/security/advisories/2006-05-31.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0580.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.vmware.com/download/esx/esx-254-200610-patch.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/19357
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/451404/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/20398
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/451417/100/200/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/bid/17203
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/451419/100/200/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://marc.info/?l=linux-netdev&m=114148078223594&w=2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:bc94ec7e-8909-4cbb-83df-d2fc9330fa88
Published At:21 Mar, 2006 | 18:02
Updated At:16 Apr, 2026 | 00:27

net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.4.0
cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://marc.info/?l=linux-netdev&m=114148078223594&w=2bc94ec7e-8909-4cbb-83df-d2fc9330fa88
N/A
http://secunia.com/advisories/19357bc94ec7e-8909-4cbb-83df-d2fc9330fa88
N/A
http://secunia.com/advisories/20398bc94ec7e-8909-4cbb-83df-d2fc9330fa88
N/A
http://secunia.com/advisories/21035bc94ec7e-8909-4cbb-83df-d2fc9330fa88
N/A
http://secunia.com/advisories/22875bc94ec7e-8909-4cbb-83df-d2fc9330fa88
N/A
http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git%3Ba=commit%3Bh=09d3b3dcfa80c9094f1748c1be064b9326c9ef2bbc94ec7e-8909-4cbb-83df-d2fc9330fa88
N/A
http://www.novell.com/linux/security/advisories/2006-05-31.htmlbc94ec7e-8909-4cbb-83df-d2fc9330fa88
N/A
http://www.redhat.com/support/errata/RHSA-2006-0579.htmlbc94ec7e-8909-4cbb-83df-d2fc9330fa88
N/A
http://www.redhat.com/support/errata/RHSA-2006-0580.htmlbc94ec7e-8909-4cbb-83df-d2fc9330fa88
N/A
http://www.securityfocus.com/archive/1/451404/100/0/threadedbc94ec7e-8909-4cbb-83df-d2fc9330fa88
N/A
http://www.securityfocus.com/archive/1/451417/100/200/threadedbc94ec7e-8909-4cbb-83df-d2fc9330fa88
N/A
http://www.securityfocus.com/archive/1/451419/100/200/threadedbc94ec7e-8909-4cbb-83df-d2fc9330fa88
N/A
http://www.securityfocus.com/archive/1/451426/100/200/threadedbc94ec7e-8909-4cbb-83df-d2fc9330fa88
N/A
http://www.securityfocus.com/bid/17203bc94ec7e-8909-4cbb-83df-d2fc9330fa88
N/A
http://www.vmware.com/download/esx/esx-202-200610-patch.htmlbc94ec7e-8909-4cbb-83df-d2fc9330fa88
N/A
http://www.vmware.com/download/esx/esx-213-200610-patch.htmlbc94ec7e-8909-4cbb-83df-d2fc9330fa88
N/A
http://www.vmware.com/download/esx/esx-254-200610-patch.htmlbc94ec7e-8909-4cbb-83df-d2fc9330fa88
N/A
http://www.vupen.com/english/advisories/2006/4502bc94ec7e-8909-4cbb-83df-d2fc9330fa88
N/A
http://marc.info/?l=linux-netdev&m=114148078223594&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/19357af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/20398af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/21035af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/22875af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git%3Ba=commit%3Bh=09d3b3dcfa80c9094f1748c1be064b9326c9ef2baf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.novell.com/linux/security/advisories/2006-05-31.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2006-0579.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2006-0580.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/451404/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/451417/100/200/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/451419/100/200/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/451426/100/200/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/17203af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vmware.com/download/esx/esx-202-200610-patch.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vmware.com/download/esx/esx-213-200610-patch.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vmware.com/download/esx/esx-254-200610-patch.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2006/4502af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://marc.info/?l=linux-netdev&m=114148078223594&w=2
Source: bc94ec7e-8909-4cbb-83df-d2fc9330fa88
Resource: N/A
Hyperlink: http://secunia.com/advisories/19357
Source: bc94ec7e-8909-4cbb-83df-d2fc9330fa88
Resource: N/A
Hyperlink: http://secunia.com/advisories/20398
Source: bc94ec7e-8909-4cbb-83df-d2fc9330fa88
Resource: N/A
Hyperlink: http://secunia.com/advisories/21035
Source: bc94ec7e-8909-4cbb-83df-d2fc9330fa88
Resource: N/A
Hyperlink: http://secunia.com/advisories/22875
Source: bc94ec7e-8909-4cbb-83df-d2fc9330fa88
Resource: N/A
Hyperlink: http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git%3Ba=commit%3Bh=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b
Source: bc94ec7e-8909-4cbb-83df-d2fc9330fa88
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2006-05-31.html
Source: bc94ec7e-8909-4cbb-83df-d2fc9330fa88
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0579.html
Source: bc94ec7e-8909-4cbb-83df-d2fc9330fa88
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0580.html
Source: bc94ec7e-8909-4cbb-83df-d2fc9330fa88
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/451404/100/0/threaded
Source: bc94ec7e-8909-4cbb-83df-d2fc9330fa88
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/451417/100/200/threaded
Source: bc94ec7e-8909-4cbb-83df-d2fc9330fa88
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/451419/100/200/threaded
Source: bc94ec7e-8909-4cbb-83df-d2fc9330fa88
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/451426/100/200/threaded
Source: bc94ec7e-8909-4cbb-83df-d2fc9330fa88
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/17203
Source: bc94ec7e-8909-4cbb-83df-d2fc9330fa88
Resource: N/A
Hyperlink: http://www.vmware.com/download/esx/esx-202-200610-patch.html
Source: bc94ec7e-8909-4cbb-83df-d2fc9330fa88
Resource: N/A
Hyperlink: http://www.vmware.com/download/esx/esx-213-200610-patch.html
Source: bc94ec7e-8909-4cbb-83df-d2fc9330fa88
Resource: N/A
Hyperlink: http://www.vmware.com/download/esx/esx-254-200610-patch.html
Source: bc94ec7e-8909-4cbb-83df-d2fc9330fa88
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2006/4502
Source: bc94ec7e-8909-4cbb-83df-d2fc9330fa88
Resource: N/A
Hyperlink: http://marc.info/?l=linux-netdev&m=114148078223594&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/19357
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/20398
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/21035
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/22875
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git%3Ba=commit%3Bh=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2006-05-31.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0579.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0580.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/451404/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/451417/100/200/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/451419/100/200/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/451426/100/200/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/17203
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vmware.com/download/esx/esx-202-200610-patch.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vmware.com/download/esx/esx-213-200610-patch.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vmware.com/download/esx/esx-254-200610-patch.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2006/4502
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

237Records found

CVE-2014-1738
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-2.1||LOW
EPSS-0.52% / 40.55%
||
7 Day CHG~0.00%
Published-11 May, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.

Action-Not Available
Vendor-n/aOracle CorporationLinux Kernel Organization, IncSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxlinux_enterprise_desktoplinux_enterprise_real_time_extensionlinux_enterprise_high_availability_extensionlinux_enterprise_serverlinuxenterprise_linux_euslinux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-1445
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.41% / 33.29%
||
7 Day CHG~0.00%
Published-18 Jan, 2014 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CVE-2014-1739
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-2.1||LOW
EPSS-1.12% / 62.24%
||
7 Day CHG~0.00%
Published-23 Jun, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, IncSUSE
Product-ubuntu_linuxsuse_linux_enterprise_serverlinux_enterprise_high_availability_extensionsuse_linux_enterprise_desktoplinux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-2038
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.41% / 33.27%
||
7 Day CHG~0.00%
Published-28 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, Inc
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-28588
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-4||MEDIUM
EPSS-1.10% / 61.66%
||
7 Day CHG~0.00%
Published-10 May, 2021 | 18:54
Updated-04 Aug, 2024 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kernelLinux Kernel
CWE ID-CWE-681
Incorrect Conversion between Numeric Types
CVE-2013-2234
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.55% / 42.08%
||
7 Day CHG~0.00%
Published-04 Jul, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-2141
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.59% / 44.04%
||
7 Day CHG~0.00%
Published-07 Jun, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CVE-2013-2546
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.39% / 30.63%
||
7 Day CHG~0.00%
Published-14 Mar, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_mrglinux_kerneln/a
CVE-2013-2147
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.42% / 33.79%
||
7 Day CHG~0.00%
Published-07 Jun, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSE
Product-linux_enterprise_serverlinux_kerneln/a
CVE-2013-2237
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.56% / 42.32%
||
7 Day CHG~0.00%
Published-04 Jul, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-2148
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.36% / 27.92%
||
7 Day CHG~0.00%
Published-07 Jun, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CVE-2013-2548
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.39% / 30.49%
||
7 Day CHG~0.00%
Published-14 Mar, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_mrglinux_kerneln/a
CVE-2013-0160
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.73% / 49.86%
||
7 Day CHG~0.00%
Published-18 Feb, 2013 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-6536
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.37% / 28.97%
||
7 Day CHG~0.00%
Published-14 Mar, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2) updated state.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-4530
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.88% / 54.75%
||
7 Day CHG~0.00%
Published-18 Feb, 2013 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-3430
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.95% / 56.97%
||
7 Day CHG~0.00%
Published-03 Oct, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-0450
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.29% / 20.70%
||
7 Day CHG~0.00%
Published-01 Feb, 2012 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations.

Action-Not Available
Vendor-n/aApple Inc.Mozilla CorporationLinux Kernel Organization, Inc
Product-mac_os_xfirefoxseamonkeylinux_kerneln/a
CVE-2011-4917
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.47% / 37.64%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:20
Updated-07 Aug, 2024 | 00:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kernelLinux kernel
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4916
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.40% / 31.85%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 20:36
Updated-07 Aug, 2024 | 00:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kernelLinux Kernel
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-2494
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.36% / 27.67%
||
7 Day CHG~0.00%
Published-13 Jun, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-32296
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.43% / 34.28%
||
7 Day CHG~0.00%
Published-05 Jun, 2022 | 21:53
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2011-2208
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.47% / 37.60%
||
7 Day CHG~0.00%
Published-13 Jun, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer signedness error in the osf_getdomainname function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform allows local users to obtain sensitive information from kernel memory via a crafted call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CVE-2011-2495
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.48% / 38.17%
||
7 Day CHG~0.00%
Published-13 Jun, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CVE-2011-1170
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.41% / 32.89%
||
7 Day CHG~0.00%
Published-22 Jun, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-0726
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-2.1||LOW
EPSS-0.34% / 26.15%
||
7 Day CHG~0.00%
Published-18 Jul, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0710
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.40% / 32.32%
||
7 Day CHG~0.00%
Published-18 Feb, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The task_show_regs function in arch/s390/kernel/traps.c in the Linux kernel before 2.6.38-rc4-next-20110216 on the s390 platform allows local users to obtain the values of the registers of an arbitrary process by reading a status file under /proc/.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1163
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.41% / 33.27%
||
7 Day CHG~0.00%
Published-10 Apr, 2011 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, IncSUSE
Product-enterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_server_ausenterprise_linux_euslinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0711
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.40% / 31.87%
||
7 Day CHG~0.00%
Published-01 Mar, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_auslinux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1171
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.41% / 32.89%
||
7 Day CHG~0.00%
Published-22 Jun, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4486
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-1.71% / 74.55%
||
7 Day CHG~0.00%
Published-23 May, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, IncNovell
Product-suse_linux_enterprise_software_development_kitubuntu_linuxsuse_linux_enterprise_debuginfosuse_linux_enterprise_real_time_extensionsuse_linux_enterprise_serversuse_linux_enterprise_module_for_public_cloudsuse_linux_enterprise_workstation_extensionsuse_linux_enterprise_desktopsuse_linux_enterprise_live_patchinglinux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2006-1863
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-1.02% / 59.07%
||
7 Day CHG~0.00%
Published-25 Apr, 2006 | 22:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1864.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CVE-2006-1343
Matching Score-8
Assigner-bc94ec7e-8909-4cbb-83df-d2fc9330fa88
ShareView Details
Matching Score-8
Assigner-bc94ec7e-8909-4cbb-83df-d2fc9330fa88
CVSS Score-2.1||LOW
EPSS-0.42% / 33.83%
||
7 Day CHG~0.00%
Published-21 Mar, 2006 | 18:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of potentially sensitive memory.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CVE-2011-0463
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.52% / 40.24%
||
7 Day CHG~0.00%
Published-10 Apr, 2011 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 (OCFS2) subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentially sensitive information from uninitialized disk locations by reading a file.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, Inc
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3881
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.48% / 37.94%
||
7 Day CHG~0.00%
Published-23 Dec, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, IncSUSE
Product-enterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_high_availability_extensionsuse_linux_enterprise_serversuse_linux_enterprise_desktoplinux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4080
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.42% / 33.79%
||
7 Day CHG~0.00%
Published-30 Nov, 2010 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call.

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, IncSUSEDebian GNU/Linux
Product-debian_linuxlinux_enterprise_desktoplinux_enterprise_real_time_extensionlinux_enterprise_serverlinux_kernellinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4529
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.40% / 31.47%
||
7 Day CHG~0.00%
Published-13 Jan, 2011 | 18:35
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2006-0095
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.43% / 34.83%
||
7 Day CHG~0.00%
Published-06 Jan, 2006 | 11:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CVE-2010-4158
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.87% / 54.32%
||
7 Day CHG~0.00%
Published-30 Dec, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter.

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, IncSUSEFedora Project
Product-linux_enterprise_desktoplinux_enterprise_real_time_extensionlinux_enterprise_serverfedoralinux_kernellinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4655
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.40% / 32.01%
||
7 Day CHG~0.00%
Published-18 Jul, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call.

Action-Not Available
Vendor-n/aCanonical Ltd.VMware (Broadcom Inc.)Linux Kernel Organization, Inc
Product-esxubuntu_linuxlinux_kerneln/a
CWE ID-CWE-665
Improper Initialization
CVE-2010-3875
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.39% / 31.13%
||
7 Day CHG~0.00%
Published-03 Jan, 2011 | 19:26
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxlinux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-26966
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.34% / 25.75%
||
7 Day CHG~0.00%
Published-12 Mar, 2022 | 21:30
Updated-03 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNetApp, Inc.Debian GNU/Linux
Product-h300eh500sactive_iq_unified_managerh300s_firmwareh410sh300sh300e_firmwaredebian_linuxlinux_kernelh500eh410s_firmwareh700s_firmwareh500s_firmwareh500e_firmwareh700eh700e_firmwareh700sn/a
CVE-2010-3477
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.40% / 32.41%
||
7 Day CHG~0.00%
Published-21 Sep, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxubuntu_linuxlinux_kerneln/a
CVE-2010-3297
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.41% / 32.74%
||
7 Day CHG~0.00%
Published-30 Sep, 2010 | 14:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSELinux Kernel Organization, IncSUSEDebian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_enterprise_desktoplinux_enterprise_real_time_extensionlinux_enterprise_serverlinux_kernelopensusen/a
CWE ID-CWE-909
Missing Initialization of Resource
CVE-2019-15919
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.43% / 34.93%
||
7 Day CHG~0.00%
Published-04 Sep, 2019 | 18:08
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free.

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, Inc
Product-linux_kernelleapn/a
CWE ID-CWE-416
Use After Free
CVE-2022-25375
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.05% / 60.24%
||
7 Day CHG~0.00%
Published-20 Feb, 2022 | 19:47
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/Linux
Product-debian_linuxlinux_kerneln/a
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2010-2226
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.43% / 34.88%
||
7 Day CHG~0.00%
Published-03 Sep, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, IncSUSEDebian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_enterprise_desktoplinux_enterprise_serverlinux_kernellinux_enterprise_software_development_kitn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-24308
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 14.12%
||
7 Day CHG~0.00%
Published-13 Apr, 2022 | 12:14
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process.

Action-Not Available
Vendor-automoxn/aLinux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-windowsmacosautomoxlinux_kerneln/a
CVE-2017-18549
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.56% / 42.40%
||
7 Day CHG~0.00%
Published-19 Aug, 2019 | 01:51
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-22426
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.9||LOW
EPSS-0.23% / 13.72%
||
7 Day CHG~0.00%
Published-10 Jun, 2022 | 16:00
Updated-16 Sep, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized access to the Spectrum Copy Data Management catalog which contains metadata. IBM X-Force ID: 223718.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_copy_data_managementlinux_kernelSpectrum Copy Data Management
CVE-2019-19536
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.38% / 29.53%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 15:38
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncopenSUSEDebian GNU/Linux
Product-debian_linuxlinux_kernelleapn/a
CWE ID-CWE-909
Missing Initialization of Resource
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found