In 2003, 18 Linux kernel CVEs were published, according to data from the NIST National Vulnerability Database. Of these, 0 were rated Critical and 6 were rated High severity. Compared to 2002's 15 CVEs, 2003 represented an increase of 20% year-on-year. December was the most active month, with 6 CVEs published.
Monthly CVE Breakdown — 2003
CVEs published per month with severity breakdown
December (6) was the most active month in 2003. Together the top months account for a significant share of 2003's 18 total CVEs. March (1) had the lowest volume.
Severity Distribution — 2003
Breakdown across 18 CVEs
44% Medium · 33% High · 0% Critical.
Monthly Counts — 2003
CVE counts by month and severity
December was the most active month with 6 CVEs — 33% of 2003's total. March (1) had the lowest volume.
| Month | Total | Critical | High | Medium | Low | Share of year |
|---|---|---|---|---|---|---|
| February | 2 | 0 | 1 | 0 | 1 | 11% |
| March | 1 | 0 | 1 | 0 | 0 | 6% |
| June | 4 | 0 | 1 | 2 | 1 | 22% |
| July | 1 | 0 | 0 | 1 | 0 | 6% |
| August | 4 | 0 | 0 | 4 | 0 | 22% |
| December | 6 | 0 | 3 | 1 | 2 | 33% |
| Total | 18 | 0 | 6 | 8 | 4 | |
All CVEs — 2003
18 CVEs
| CVE ID | Package | Severity | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2003-0959 | linux | High | 10.0 | 2003-12-31 | Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allows atta… |
| CVE-2003-0248 | linux | High | 10.0 | 2003-06-16 | The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address. |
| CVE-2003-1161 | linux | High | 7.2 | 2003-12-31 | exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could a… |
| CVE-2003-0961 | linux | High | 7.2 | 2003-12-15 | Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users t… |
| CVE-2003-0127 | linux | High | 7.2 | 2003-03-31 | The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root … |
| CVE-2003-0019 | linux | High | 7.2 | 2003-02-19 | uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local user… |
| CVE-2003-1288 | linux | Medium | 5.0 | 2003-12-31 | Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.23 and SMP allow local users to cause a denial of … |
| CVE-2003-0619 | linux | Medium | 5.0 | 2003-08-27 | Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers t… |
| CVE-2003-0467 | linux | Medium | 5.0 | 2003-08-27 | Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT… |
| CVE-2003-0465 | linux | Medium | 5.0 | 2003-08-18 | The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as oppos… |
2003 Linux Kernel CVE Highlights
- Volume without critical severity: Despite high CVE volume, 2003 produced no Critical-rated vulnerabilities. 44% of 2003 CVEs are Medium severity. This means the surge in raw numbers does not represent a proportional surge in high-severity risk.
- Monthly variation: CVE publication in 2003 was uneven across months. December was the most active with 6 CVEs. March (1) had the lowest volume. Monthly spikes typically correspond to coordinated batches of backfilled CVEs being processed at once.