Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Grsecurity Subscribe
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-3373 2 Debian, Grsecurity 2 Debian Linux, Paxtest 2019-11-01 2.1 LOW 5.5 MEDIUM
paxtest handles temporary files insecurely
CVE-2007-0257 1 Grsecurity 1 Grsecurity Kernel Patch 2018-10-16 7.2 HIGH N/A
** DISPUTED ** Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code.
CVE-2008-1940 1 Grsecurity 1 Grsecurity Kernel Patch 2017-08-07 4.6 MEDIUM N/A
The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and 2.1.11-2.4.36.2 does not enforce user_transition_deny and user_transition_allow rules for the (1) sys_setfsuid and (2) sys_setfsgid calls, which allows local users to bypass restrictions for those calls.
CVE-2006-0228 1 Grsecurity 1 Grsecurity Kernel Patch 2017-07-19 7.2 HIGH N/A
The RBAC functionality in grsecurity before 2.1.8 does not properly handle when the admin role creates a service and then exits the shell without unauthenticating, which causes the service to be restarted with the admin role still active.
CVE-2007-0253 1 Grsecurity 1 Grsecurity Kernel Patch 2008-09-05 7.2 HIGH N/A
** DISPUTED ** Unspecified vulnerability in the grsecurity patch has unspecified impact and remote attack vectors, a different vulnerability than the expand_stack vulnerability from the Digital Armaments 20070110 pre-advisory. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven.
CVE-2002-1826 1 Grsecurity 1 Grsecurity Kernel Patch 2008-09-05 4.6 MEDIUM N/A
grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass read-only permissions by using mmap to directly map /dev/mem or /dev/kmem to kernel memory.