Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-3534

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-01 Aug, 2014 | 10:00
Updated At-06 Aug, 2024 | 10:50
Rejected At-
Credits

arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:01 Aug, 2014 | 10:00
Updated At:06 Aug, 2024 | 10:50
Rejected At:
▼CVE Numbering Authority (CNA)

arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/95069
vdb-entry
x_refsource_XF
https://bugzilla.redhat.com/show_bug.cgi?id=1114089
x_refsource_CONFIRM
http://secunia.com/advisories/59790
third-party-advisory
x_refsource_SECUNIA
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8
x_refsource_CONFIRM
http://www.securityfocus.com/bid/68940
vdb-entry
x_refsource_BID
https://github.com/torvalds/linux/commit/dab6cf55f81a6e16b8147aed9a843e1691dcd318
x_refsource_CONFIRM
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dab6cf55f81a6e16b8147aed9a843e1691dcd318
x_refsource_CONFIRM
http://www.securitytracker.com/id/1030683
vdb-entry
x_refsource_SECTRACK
http://www.osvdb.org/109546
vdb-entry
x_refsource_OSVDB
http://www.debian.org/security/2014/dsa-2992
vendor-advisory
x_refsource_DEBIAN
http://secunia.com/advisories/60351
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/95069
Resource:
vdb-entry
x_refsource_XF
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1114089
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/59790
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/68940
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://github.com/torvalds/linux/commit/dab6cf55f81a6e16b8147aed9a843e1691dcd318
Resource:
x_refsource_CONFIRM
Hyperlink: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dab6cf55f81a6e16b8147aed9a843e1691dcd318
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1030683
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.osvdb.org/109546
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.debian.org/security/2014/dsa-2992
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/60351
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/95069
vdb-entry
x_refsource_XF
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=1114089
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/59790
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/68940
vdb-entry
x_refsource_BID
x_transferred
https://github.com/torvalds/linux/commit/dab6cf55f81a6e16b8147aed9a843e1691dcd318
x_refsource_CONFIRM
x_transferred
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dab6cf55f81a6e16b8147aed9a843e1691dcd318
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id/1030683
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.osvdb.org/109546
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.debian.org/security/2014/dsa-2992
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://secunia.com/advisories/60351
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/95069
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1114089
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/59790
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/68940
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://github.com/torvalds/linux/commit/dab6cf55f81a6e16b8147aed9a843e1691dcd318
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dab6cf55f81a6e16b8147aed9a843e1691dcd318
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1030683
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.osvdb.org/109546
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.debian.org/security/2014/dsa-2992
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://secunia.com/advisories/60351
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:01 Aug, 2014 | 11:13
Updated At:06 May, 2026 | 22:30

arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches

Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions before 3.2.62(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 3.3(inclusive) to 3.4.101(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 3.5(inclusive) to 3.10.51(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 3.11(inclusive) to 3.12.27(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 3.13(inclusive) to 3.14.15(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 3.15(inclusive) to 3.15.8(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-269Primarynvd@nist.gov
CWE ID: CWE-269
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dab6cf55f81a6e16b8147aed9a843e1691dcd318secalert@redhat.com
Broken Link
http://secunia.com/advisories/59790secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/60351secalert@redhat.com
Third Party Advisory
http://www.debian.org/security/2014/dsa-2992secalert@redhat.com
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8secalert@redhat.com
Release Notes
Vendor Advisory
http://www.osvdb.org/109546secalert@redhat.com
Broken Link
http://www.securityfocus.com/bid/68940secalert@redhat.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030683secalert@redhat.com
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1114089secalert@redhat.com
Issue Tracking
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/95069secalert@redhat.com
Third Party Advisory
VDB Entry
https://github.com/torvalds/linux/commit/dab6cf55f81a6e16b8147aed9a843e1691dcd318secalert@redhat.com
Patch
Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dab6cf55f81a6e16b8147aed9a843e1691dcd318af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/59790af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/60351af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2014/dsa-2992af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8af854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
http://www.osvdb.org/109546af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securityfocus.com/bid/68940af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030683af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1114089af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/95069af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://github.com/torvalds/linux/commit/dab6cf55f81a6e16b8147aed9a843e1691dcd318af854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
Hyperlink: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dab6cf55f81a6e16b8147aed9a843e1691dcd318
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/59790
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/60351
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2014/dsa-2992
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8
Source: secalert@redhat.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: http://www.osvdb.org/109546
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/bid/68940
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1030683
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1114089
Source: secalert@redhat.com
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/95069
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/torvalds/linux/commit/dab6cf55f81a6e16b8147aed9a843e1691dcd318
Source: secalert@redhat.com
Resource:
Patch
Third Party Advisory
Hyperlink: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dab6cf55f81a6e16b8147aed9a843e1691dcd318
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/59790
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/60351
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2014/dsa-2992
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory
Hyperlink: http://www.osvdb.org/109546
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/bid/68940
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1030683
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1114089
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/95069
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/torvalds/linux/commit/dab6cf55f81a6e16b8147aed9a843e1691dcd318
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

962Records found

CVE-2011-2910
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.38% / 29.45%
||
7 Day CHG~0.00%
Published-15 Nov, 2019 | 16:37
Updated-06 Aug, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation.

Action-Not Available
Vendor-linux-ax25ax25-toolsDebian GNU/Linux
Product-debian_linuxax25-toolsax25-tools
CWE ID-CWE-269
Improper Privilege Management
CVE-2008-2931
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.38% / 29.54%
||
7 Day CHG~0.00%
Published-09 Jul, 2008 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSELinux Kernel Organization, IncNovellDebian GNU/Linux
Product-debian_linuxubuntu_linuxsuse_linux_enterprise_serversuse_linux_enterprise_desktoplinux_kernelopensusen/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2007-2444
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.78% / 51.55%
||
7 Day CHG~0.00%
Published-14 May, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxSamba
Product-debian_linuxsambaubuntu_linuxn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2016-1575
Matching Score-10
Assigner-Canonical Ltd.
ShareView Details
Matching Score-10
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-0.92% / 56.03%
||
7 Day CHG~0.00%
Published-02 May, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, Inc
Product-ubuntu_touchubuntu_linuxubuntu_corelinux_kerneln/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-0070
Matching Score-10
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-10
Assigner-Palo Alto Networks, Inc.
CVSS Score-8.8||HIGH
EPSS-0.37% / 29.41%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 22:15
Updated-17 Sep, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Log4j hot patch package privilege escalation

Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to.

Action-Not Available
Vendor-amazonAmazon Web ServicesLinux Kernel Organization, Inc
Product-log4jhotpatchlinux_kernellog4j-cve-2021-44228-hotpatch
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2010-3301
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-3.82% / 88.77%
||
7 Day CHG~0.00%
Published-22 Sep, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, IncSUSE
Product-ubuntu_linuxlinux_enterprise_real_time_extensionlinux_kerneln/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-0358
Matching Score-10
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-10
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-2.28% / 80.98%
||
7 Day CHG~0.00%
Published-13 Apr, 2018 | 15:00
Updated-04 Dec, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ntfs-3g: Modprobe influence vulnerability via environment variables

Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.

Action-Not Available
Vendor-tuxerantfs-3gDebian GNU/Linux
Product-debian_linuxntfs-3gntfs-3g
CWE ID-CWE-269
Improper Privilege Management
CVE-2015-8539
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.43% / 34.35%
||
7 Day CHG~0.00%
Published-08 Feb, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, IncSUSE
Product-ubuntu_linuxlinux_enterprise_real_time_extensionlinux_kerneln/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2014-9322
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.50% / 71.23%
||
7 Day CHG~0.00%
Published-17 Dec, 2014 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCLinux Kernel Organization, IncSUSERed Hat, Inc.
Product-evergreenubuntu_linuxsuse_linux_enterprise_serverenterprise_linux_eusandroidlinux_kerneln/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2014-5206
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.37% / 28.78%
||
7 Day CHG~0.00%
Published-18 Aug, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount" command within a user namespace.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, Inc
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2014-3689
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.39% / 30.78%
||
7 Day CHG~0.00%
Published-14 Nov, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.

Action-Not Available
Vendor-n/aCanonical Ltd.QEMUDebian GNU/Linux
Product-debian_linuxubuntu_linuxqemun/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-3100
Matching Score-10
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-10
Assigner-Palo Alto Networks, Inc.
CVSS Score-8.8||HIGH
EPSS-0.36% / 28.11%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 22:15
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Log4j hot patch package privilege escalation

The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges.

Action-Not Available
Vendor-amazonAmazon Web ServicesLinux Kernel Organization, Inc
Product-log4jhotpatchlinux_kernellog4j-cve-2021-44228-hotpatch
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-31214
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 30.16%
||
7 Day CHG~0.00%
Published-09 Jun, 2022 | 00:00
Updated-03 Aug, 2024 | 07:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo.

Action-Not Available
Vendor-firejail_projectn/aDebian GNU/LinuxFedora Project
Product-firejaildebian_linuxfedoran/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-26880
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.35% / 27.16%
||
7 Day CHG+0.01%
Published-07 Oct, 2020 | 17:33
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.

Action-Not Available
Vendor-sympan/aDebian GNU/LinuxFedora Project
Product-debian_linuxsympafedoran/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-10936
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.50% / 39.13%
||
7 Day CHG~0.00%
Published-27 May, 2020 | 17:38
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sympa before 6.2.56 allows privilege escalation.

Action-Not Available
Vendor-sympan/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxsympafedoran/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-4448
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.34% / 25.58%
||
7 Day CHG~0.00%
Published-26 Aug, 2019 | 14:40
Updated-17 Sep, 2024 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2_high_performance_unload_loadlinux_kernelDB2 High Performance Unload load for LUW
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-3466
Matching Score-10
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-10
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-0.50% / 39.09%
||
7 Day CHG~0.00%
Published-20 Nov, 2019 | 17:16
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.

Action-Not Available
Vendor-n/aCanonical Ltd.The PostgreSQL Global Development GroupDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxpostgresql-commonpostgresql-common (Debian-specific Postgres management tools)
CWE ID-CWE-269
Improper Privilege Management
CVE-2014-1737
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.2||HIGH
EPSS-0.49% / 38.54%
||
7 Day CHG~0.00%
Published-11 May, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.

Action-Not Available
Vendor-n/aOracle CorporationLinux Kernel Organization, IncSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxlinux_enterprise_desktoplinux_enterprise_real_time_extensionlinux_enterprise_high_availability_extensionlinux_enterprise_serverlinuxenterprise_linux_euslinux_kerneln/a
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2020-29661
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.13% / 62.44%
||
7 Day CHG~0.00%
Published-09 Dec, 2020 | 16:57
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, IncBroadcom Inc.NetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-a700s_firmwarea400_firmwaretekelec_platform_distributionactive_iq_unified_managerh410c_firmware8300_firmwaresolidfire_baseboard_management_controller8300debian_linuxlinux_kernel8700a400fedoraa700sh410cfabric_operating_systemsolidfire_baseboard_management_controller_firmware8700_firmwaren/a
CWE ID-CWE-416
Use After Free
CWE ID-CWE-667
Improper Locking
CVE-2007-1734
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.73% / 49.78%
||
7 Day CHG~0.00%
Published-28 Mar, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service (oops), a related issue to CVE-2007-1730.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CVE-2014-0069
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.41% / 33.25%
||
7 Day CHG~0.00%
Published-28 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, IncSUSE
Product-linux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_server_ausenterprise_linux_euslinux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-5467
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.84% / 53.54%
||
7 Day CHG~0.00%
Published-29 Aug, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM) on UNIX allow local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aIBM CorporationLinux Kernel Organization, Inc
Product-monitoring_agent_for_unix_logslinux_kernelmonitoring_server_\(ms\)_and_shared_libraries_\(ax\)n/a
CVE-2013-6208
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.2||HIGH
EPSS-0.64% / 46.28%
||
7 Day CHG~0.00%
Published-16 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Smart Update Manager 5.3.5 before build 70 on Linux allows local users to gain privileges via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.Linux Kernel Organization, Inc
Product-smart_update_managerlinux_kerneln/a
CVE-2013-6282
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-39.71% / 98.44%
||
7 Day CHG~0.00%
Published-19 Nov, 2013 | 15:00
Updated-22 Apr, 2026 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-10-06||Apply updates per vendor instructions.

The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/aKernel
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4587
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.53% / 40.87%
||
7 Day CHG~0.00%
Published-14 Dec, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncopenSUSE
Product-linux_kernelopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3301
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.98% / 58.07%
||
7 Day CHG~0.00%
Published-29 Apr, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, IncSUSE
Product-linux_enterprise_desktoplinux_enterprise_high_availability_extensionlinux_enterprise_serverenterprise_mrglinux_kernelenterprise_linuxn/a
CVE-2017-14497
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.56% / 42.27%
||
7 Day CHG~0.00%
Published-15 Sep, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxlinux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1858
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-1.69% / 74.22%
||
7 Day CHG~0.00%
Published-05 Apr, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The clone system-call implementation in the Linux kernel before 3.8.3 does not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags, which allows local users to gain privileges by calling chroot and leveraging the sharing of the / directory between a parent process and a child process.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CVE-2013-1763
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-4.18% / 89.69%
||
7 Day CHG~0.00%
Published-28 Feb, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-2094
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.4||HIGH
EPSS-47.71% / 98.70%
||
7 Day CHG~0.00%
Published-14 May, 2013 | 20:00
Updated-22 Apr, 2026 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-10-06||Apply updates per vendor instructions.

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/aKernel
CVE-2019-17346
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.35% / 26.85%
||
7 Day CHG~0.00%
Published-08 Oct, 2019 | 00:02
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.

Action-Not Available
Vendor-n/aDebian GNU/LinuxXen Project
Product-xendebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-6703
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.8||HIGH
EPSS-0.32% / 23.66%
||
7 Day CHG~0.00%
Published-29 Jun, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2012-6689
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 22.79%
||
7 Day CHG~0.00%
Published-02 May, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-284
Improper Access Control
CVE-2012-6704
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.41% / 33.12%
||
7 Day CHG~0.00%
Published-28 Dec, 2016 | 07:42
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-6701
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-0.35% / 27.43%
||
7 Day CHG~0.00%
Published-02 May, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2012-5519
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-2.13% / 79.69%
||
7 Day CHG~0.00%
Published-20 Nov, 2012 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.

Action-Not Available
Vendor-n/aDebian GNU/LinuxApple Inc.
Product-debian_linuxcupsn/a
CVE-2006-5753
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.38% / 29.68%
||
7 Day CHG~0.00%
Published-30 Jan, 2007 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linux_desktoplinux_kernelenterprise_linuxn/a
CVE-2012-4576
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.42% / 33.73%
||
7 Day CHG~0.00%
Published-02 Dec, 2019 | 17:53
Updated-06 Aug, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeBSD: Input Validation Flaw allows local users to gain elevated privileges

Action-Not Available
Vendor-Debian GNU/LinuxFreeBSD Foundation
Product-freebsddebian_linuxFreeBSD
CWE ID-CWE-20
Improper Input Validation
CVE-2000-0607
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.11% / 62.00%
||
7 Day CHG~0.00%
Published-19 Jul, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.Mandriva (Mandrakesoft)
Product-debian_linuxmandrake_linuxlinuxn/a
CVE-1999-0317
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.41% / 33.25%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Linux su command gives root access to local users.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CVE-2012-3515
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.53% / 40.76%
||
7 Day CHG~0.00%
Published-23 Nov, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEQEMUSUSEXen ProjectRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_enterprise_desktopenterprise_linux_serverqemuenterprise_linux_workstationenterprise_linux_desktoplinux_enterprise_serverxenenterprise_linux_eusvirtualizationenterprise_linuxlinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-1999-0405
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.76% / 50.58%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in lsof allows local users to obtain root privilege.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFreeBSD FoundationRed Hat, Inc.SUSE
Product-debian_linuxlinuxsuse_linuxfreebsdn/a
CVE-2012-2123
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.42% / 33.66%
||
7 Day CHG~0.00%
Published-17 May, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CVE-2012-2319
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.41% / 33.14%
||
7 Day CHG~0.00%
Published-17 May, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CVE-2020-12465
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.38% / 30.22%
||
7 Day CHG~0.00%
Published-29 Apr, 2020 | 18:52
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages.

Action-Not Available
Vendor-n/aNetApp, Inc.Linux Kernel Organization, Inc
Product-linux_kernelcloud_backupsolidfire_\&_hci_management_nodeactive_iq_unified_managerhci_baseboard_management_controllerhci_compute_nodesolidfire_baseboard_management_controlleraff_baseboard_management_controllersteelstore_cloud_integrated_storagen/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2012-2136
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.58% / 43.58%
||
7 Day CHG~0.00%
Published-09 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-1796
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.34% / 25.76%
||
7 Day CHG~0.00%
Published-20 Mar, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors.

Action-Not Available
Vendor-n/aIBM CorporationSun Microsystems (Oracle Corporation)Linux Kernel Organization, IncHP Inc.
Product-hp-uxsunosdb2aixlinux_kerneln/a
CVE-1999-1442
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.87% / 54.34%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local users to cause a denial of service (crash) via a particular sequence of instructions, possibly related to accessing addresses outside of segments.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CVE-2019-17044
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 31.30%
||
7 Day CHG~0.00%
Published-14 Oct, 2019 | 16:47
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an attacker with "patrol" privileges to elevate his/her privileges to the ones of the "root" user by specially crafting a shared library .so file that will be loaded during execution.

Action-Not Available
Vendor-bmcn/aLinux Kernel Organization, Inc
Product-patrol_agentlinux_kerneln/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2012-0028
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.50% / 39.10%
||
7 Day CHG~0.00%
Published-21 Jun, 2012 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The robust futex implementation in the Linux kernel before 2.6.28 does not properly handle processes that make exec system calls, which allows local users to cause a denial of service or possibly gain privileges by writing to a memory location in a child process.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 19
  • 20
  • Next
Details not found