Here is a table I put together containing links to the National Vulnerability Database about various Common Vulnerabilities and Exposures (CVE) issues in the 2.6 Linux kernel from 2.6.18 and above.
I check the CVE database via a rss feed and will be updating this list whenever I see a new one for linux come out.
This list is by no means comprehensive and some may not be included here for one of the following reasons:
* Issue is for a kernel below 2.6.18
* Version number isn’t specified
* Vendor-specific kernel only where release isn’t specified
* I flat out missed it
* It’s a brand new CVE and I haven’t updated this list yet
I should also note that not all known security issues are made public via the CVE database, and according to Brad from grsecurity not all security issues fixed in the linux kernel are made public (aka known as “silent fixes”).
The scope of this table is to list links to the CVE issue itself and specify the version to get an idea of how many patches you would need if you were to build an older kernel from vanilla source (ie, not using a linux vendor’s source). To get the type of vulnerability you need to follow the link. Most of them are “local denial of service” exploits, but a few are more dangerous. In either case, if your kernel is affected, you should patch it.
Hope this list helps you with whatever you may need it for, and be sure to use this information responsibly!
| CVE Number | Affected Versions |
| CVE-2008-4113 |
before 2.6.26.4 |
| CVE-2008-3915 |
before 2.6.26.4 |
| CVE-2008-3911 |
2.6.26.3 only |
| CVE-2008-3792 |
on and before 2.6.26.3 |
| CVE-2008-3535 |
before 2.6.27-rc2 |
| CVE-2008-3534 |
before 2.6.26.1 |
| CVE-2008-3525 |
on and before 2.6.26.3 |
| CVE-2008-3496 | 2.6.26 before 2.6.26.1 |
| CVE-2008-3276 | 2.6.17-rc1 through 2.6.26.2 |
| CVE-2008-3275 | before 2.6.25.15 |
| CVE-2008-3272 | before 2.6.26.2 and before 2.6.25.15 |
| CVE-2008-3247 | 2.6.25 before 2.6.25.11 on 64bit |
| CVE-2008-2944 | 2.6.18 |
| CVE-2008-2826 | before 2.6.25.9 |
| CVE-2008-2812 | before 2.6.25.10 |
| CVE-2008-2750 | before 2.6.26-rc6 |
| CVE-2008-2729 | before 2.6.19 on AMD64 |
| CVE-2008-2372 | 2.6.24, and 2.6.25 before 2.6.25.9 |
| CVE-2008-2365 | 2.6.9 through 2.6.25 |
| CVE-2008-2358 | 2.6.18 “and probably other versions” |
| CVE-2008-2148 | 2.6.22 to 2.6.25.3 |
| CVE-2008-2137 | before 2.6.25.3 on SPARC |
| CVE-2008-2136 | before 2.6.25.3 |
| CVE-2008-1675 | before 2.6.24.6 |
| CVE-2008-1673 | before 2.6.25.5 |
| CVE-2008-1669 | before 2.6.25.2 and before 2.6.24.7 |
| CVE-2008-1615 | 2.6.18 and possibly others on AMD64 |
| CVE-2008-1514 | before 2.6.27-rc6 |
| CVE-2008-1375 | before 2.6.24.6, and 2.6.25 before 2.6.25.1 |
| CVE-2008-1367 | any linux kernel compiled with gcc 4.3.x (exact version unspecified) |
| CVE-2008-1294 | between 2.6.17 and 2.6.22 |
| CVE-2008-0731 | before 2.6.18.8-0.8 in SUSE openSUSE 10.2 |
| CVE-2008-0598 | before 2.6.9, 2.6.18 “and probably other versions” |
| CVE-2008-0600 | 2.6.17 through 2.6.24.1 |
| CVE-2008-0352 | 2.6.20 through 2.6.21.1 |
| CVE-2008-0163 | before 2.6.24.1 |
| CVE-2008-0010 | 2.6.22 through 2.6.24 |
| CVE-2008-0009 | 2.6.22 through 2.6.24 |
| CVE-2008-0007 | before 2.6.22.17 |
| CVE-2008-0001 | before 2.6.22.16, and 2.6.23.x before 2.6.23.14 |
| CVE-2007-6716 | before 2.6.23 |
| CVE-2007-6712 | 2.6.21-rc4 only |
| CVE-2007-6694 | before 2.6.18-53 |
| CVE-2007-6434 | 2.6.23 only |
| CVE-2007-6417 | 2.6.11 through 2.6.23 |
| CVE-2007-6282 | before 2.6.25 |
| CVE-2007-6206 | before 2.6.24-rc3 |
| CVE-2007-6151 | 2.6.23 only |
| CVE-2007-6063 | 2.6.23 only |
| CVE-2007-5966 | before 2.6.23.10 |
| CVE-2007-5904 | before 2.6.23 |
| CVE-2007-5501 | 2.6.21 through 2.6.23.7 and 2.6.24-rc through 2.6.24-rc2 |
| CVE-2007-5500 | before 2.6.23.8 |
| CVE-2007-5498 | 2.6.18 xen dom0 kernels |
| CVE-2007-5494 | “Red Hat Content Accelerator” patch in RHEL kernels |
| CVE-2007-5093 | pwc driver before 2.6.22.6 |
| CVE-2007-5001 | before 2.4.21 |
| CVE-2007-4997 | before 2.6.23 |
| CVE-2007-4574 | RHEL5 on AMD64 |
| CVE-2007-4573 | before 2.6.22.7 |
| CVE-2007-4571 | before 2.6.22.8 |
| CVE-2007-4567 | 2.6.22 and earlier |
| CVE-2007-4308 | before 2.6.23-rc2 |
| CVE-2007-4133 | before 2.6.19-rc4 |
| CVE-2007-4130 | 2.6.9 before 2.6.9-67 in RHEL4 |
| CVE-2007-3851 | before 2.6.22.2 |
| CVE-2007-3850 | before 2.6.22 |
| CVE-2007-3843 | before 2.6.23-rc1 |
| CVE-2007-3740 | before 2.6.22 |
| CVE-2007-3731 | 2.6.20 and 2.6.21 |
| CVE-2007-3719 | 2.6.16 only |
| CVE-2007-3642 | before 2.6.20.15, 2.6.21.x before 2.6.21.6, and before 2.6.22 |
| CVE-2007-3513 | before 2.6.22-rc7 |
| CVE-2007-3107 | before 2.6.22 |
| CVE-2007-3105 | before 2.6.22 |
| CVE-2007-2878 | before 2.6.21.2 (on 64bit) |
| CVE-2007-2876 | before 2.6.20.13, and 2.6.21.x before 2.6.21.4 |
| CVE-2007-2875 | before 2.6.20.13, and 2.6.21.x before 2.6.21.4 |
| CVE-2007-2525 | before 2.6.21-git8 |
| CVE-2007-2480 | before 2.6.21 |
| CVE-2007-2453 | before 2.6.20.13, and 2.6.21.x before 2.6.21.4 |
| CVE-2007-2451 | before 2.6.21.3 |
| CVE-2007-2172 | 2.6.21-rc6 |
| CVE-2007-1861 | before 2.6.20.8 |
| CVE-2007-1734 | 2.6.20 “and later” |
| CVE-2007-1730 | 2.6.20 “and later” |
| CVE-2007-1592 | before 2.6.21-rc3 |
| CVE-2007-1497 | before 2.6.20.3 |
| CVE-2007-1496 | before before 2.6.20.3 |
| CVE-2007-1388 | before 2.6.20 |
| CVE-2007-1357 | before 2.6.21 |
| CVE-2007-1217 | between 2.6.9 and 2.6.20 |
| CVE-2007-1000 | before 2.6.20.2 |
| CVE-2007-0958 | before 2.6.20 |
| CVE-2007-0822 | 2.6.15 on slackware 10.2 |
| CVE-2007-0773 | 2.6.9-42.0.8 in RHEL 4.4 |
| CVE-2007-0772 | between 2.6.13 and 2.6.20.1 |
| CVE-2007-0771 | 2.6.18 “and other versions” |
| CVE-2007-0006 | between 2.6.9 and 2.6.20 |
| CVE-2007-0005 | before 2.6.21-rc3 |
| CVE-2006-7203 | before 2.6.20 |
| CVE-2006-6333 | 2.6.19 only |
| CVE-2006-6304 | 2.6.19 only |
| CVE-2006-6128 | 2.6.18 “and others” with reiserfs |
| CVE-2006-6106 | between 2.6.2 and 2.6.18.6, and 2.6.19.x |
| CVE-2006-6060 | on and before 2.6.18 |
| CVE-2006-6058 | before 2.6.24 |
| CVE-2006-6057 | on and before 2.6.18 |
| CVE-2006-6056 | on and before 2.6.18 with SELinux |
| CVE-2006-5757 | 2.6.18 “and others” |
| CVE-2006-5751 | before 2.6.18.4 |
| CVE-2006-5619 | 2.6.18 only |
| CVE-2006-5174 | before 2.6.19-rc1 |
| CVE-2006-4535 | 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 |
| CVE-2006-3634 | between 2.6.17-rc4 and 2.6.18-rc2 |