In 2005, 118 Linux kernel CVEs were published, sourced from the NIST National Vulnerability Database. Of these, 0 were rated Critical, 22 High severity . Compared to 2004's 41 CVEs, 2005 represented an increase of 188% year-on-year. May was the most active month, with 24 CVEs published.
Monthly CVE Breakdown — 2005
CVEs published per month with severity breakdown
May (24) was the most active month in 2005. Together the top months account for a significant share of 2005's 118 total CVEs. July (1) had the lowest volume.
Severity Distribution — 2005
Breakdown across 118 CVEs
36% Medium · 19% High · 0% Critical.
Monthly Counts — 2005
CVE counts by month and severity
May was the most active month with 24 CVEs — 20% of 2005's total. July (1) had the lowest volume.
| Month | Total | Critical | High | Medium | Low | Share of year |
|---|---|---|---|---|---|---|
| January | 13 | 0 | 6 | 3 | 4 |
11%
|
| February | 2 | 0 | 0 | 0 | 2 |
2%
|
| March | 7 | 0 | 1 | 3 | 3 |
6%
|
| April | 5 | 0 | 1 | 1 | 3 |
4%
|
| May | 24 | 0 | 7 | 2 | 15 |
20%
|
| June | 3 | 0 | 1 | 0 | 2 |
3%
|
| July | 1 | 0 | 0 | 0 | 1 |
1%
|
| August | 14 | 0 | 1 | 8 | 5 |
12%
|
| September | 10 | 0 | 1 | 2 | 7 |
8%
|
| October | 11 | 0 | 0 | 4 | 7 |
9%
|
| November | 14 | 0 | 4 | 10 | 0 |
12%
|
| December | 14 | 0 | 0 | 10 | 4 |
12%
|
| Total | 118 | 0 | 22 | 43 | 53 |
All CVEs — 2005
118 CVEs
| CVE ID | Package | Severity | CVSS | Published | Description | |
|---|---|---|---|---|---|---|
| CVE-2004-1137 | linux | High | 10.0 | 2005-01-10 | Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local a… | |
| CVE-2005-3858 | linux | High | 7.8 | 2005-11-27 | Memory leak in the ip6_input_finish function in ip6_input.c in Linux kernel 2.6.12 and earlier might allow attackers to… | |
| CVE-2005-3809 | linux | High | 7.8 | 2005-11-25 | The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attack… | |
| CVE-2005-3810 | linux | High | 7.8 | 2005-11-25 | ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of serv… | |
| CVE-2005-3753 | linux | High | 7.8 | 2005-11-22 | Linux kernel before after 2.6.12 and before 2.6.13.1 might allow attackers to cause a denial of service (Oops) via cert… | |
| CVE-2005-0209 | linux | High | 7.8 | 2005-05-02 | Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via crafted IP pa… | |
| CVE-2005-2801 | linux | High | 7.5 | 2005-09-06 | xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the name_index fields when… | |
| CVE-2005-2500 | linux | High | 7.5 | 2005-08-08 | Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux kernel 2.6.12, as used in SuSE Linux Enterprise Serv… | |
| CVE-2005-1763 | linux | High | 7.2 | 2005-06-09 | Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures allows local users to write bytes into kernel me… | |
| CVE-2005-1264 | linux | High | 7.2 | 2005-05-17 | Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block de… |
2005 Linux Kernel CVE Highlights
-
Volume without critical severity
Despite high CVE volume, 2005 produced only 0 Critical-rated vulnerabilities. 36% of 2005 CVEs are Medium severity. This means the surge in raw numbers does not represent a proportional surge in high-severity risk.
-
Monthly variation
CVE publication in 2005 was uneven across months. May was the most active with 24 CVEs. July (1) had the lowest volume. Monthly spikes typically correspond to coordinated batches of backfilled CVEs being processed at once.