In 2004, 41 Linux kernel CVEs were published, sourced from the NIST National Vulnerability Database. Of these, 0 were rated Critical, 12 High severity . Compared to 2003's 18 CVEs, 2004 represented an increase of 128% year-on-year. December was the most active month, with 21 CVEs published.
Monthly CVE Breakdown — 2004
CVEs published per month with severity breakdown
December (21) was the most active month in 2004. Together the top months account for a significant share of 2004's 41 total CVEs. April (1) had the lowest volume.
Severity Distribution — 2004
Breakdown across 41 CVEs
29% Medium · 29% High · 0% Critical.
Monthly Counts — 2004
CVE counts by month and severity
December was the most active month with 21 CVEs — 51% of 2004's total. April (1) had the lowest volume.
| Month | Total | Critical | High | Medium | Low | Share of year |
|---|---|---|---|---|---|---|
| January | 2 | 0 | 1 | 1 | 0 |
5%
|
| February | 2 | 0 | 1 | 0 | 1 |
5%
|
| March | 3 | 0 | 1 | 1 | 1 |
7%
|
| April | 1 | 0 | 0 | 0 | 1 |
2%
|
| May | 2 | 0 | 0 | 0 | 2 |
5%
|
| June | 2 | 0 | 0 | 2 | 0 |
5%
|
| July | 1 | 0 | 1 | 0 | 0 |
2%
|
| August | 6 | 0 | 2 | 1 | 3 |
15%
|
| November | 1 | 0 | 0 | 0 | 1 |
2%
|
| December | 21 | 0 | 6 | 7 | 8 |
51%
|
| Total | 41 | 0 | 12 | 12 | 17 |
All CVEs — 2004
41 CVEs
| CVE ID | Package | Severity | CVSS | Published | Description | |
|---|---|---|---|---|---|---|
| CVE-2004-1017 | linux | High | 10.0 | 2004-12-31 | Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have unknown impact and unknown attack vectors. | |
| CVE-2004-2613 | linux | High | 10.0 | 2004-12-31 | Unspecified vulnerability in procfs in the Linux-VServer stable branch for the 2.4 kernel before 1.23 and Linux-VServer… | |
| CVE-2004-2013 | linux | High | 7.8 | 2004-12-31 | Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c in the Linux kernel 2.4.25 and earlier a… | |
| CVE-2004-2536 | linux | High | 7.5 | 2004-12-31 | The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointe… | |
| CVE-2004-1337 | linux | High | 7.2 | 2004-12-23 | The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a pro… | |
| CVE-2004-0496 | linux | High | 7.2 | 2004-12-06 | Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a di… | |
| CVE-2004-0228 | linux | High | 7.2 | 2004-08-18 | Integer signedness error in the cpufreq proc handler (cpufreq_procctl) in Linux kernel 2.6 allows local users to gain p… | |
| CVE-2004-0495 | linux | High | 7.2 | 2004-08-06 | Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memo… | |
| CVE-2004-0424 | linux | High | 7.2 | 2004-07-07 | Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows loc… | |
| CVE-2004-0010 | linux | High | 7.2 | 2004-03-03 | Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privi… |
2004 Linux Kernel CVE Highlights
-
Volume without critical severity
Despite high CVE volume, 2004 produced only 0 Critical-rated vulnerabilities. 29% of 2004 CVEs are Medium severity. This means the surge in raw numbers does not represent a proportional surge in high-severity risk.
-
Monthly variation
CVE publication in 2004 was uneven across months. December was the most active with 21 CVEs. April (1) had the lowest volume. Monthly spikes typically correspond to coordinated batches of backfilled CVEs being processed at once.