In 2006, 83 Linux kernel CVEs were published, according to the NIST National Vulnerability Database. Of these, 0 were rated Critical and 21 High severity. Compared to 2005's 118 CVEs, 2006 represented a decrease of 30% year-on-year. May was the most active month, with 12 CVEs published.
Monthly CVE Breakdown — 2006
CVEs published per month with severity breakdown
May (12) was the most active month in 2006. Together the top months account for a significant share of 2006's 83 total CVEs. February (1) had the lowest volume.
Severity Distribution — 2006
Breakdown across 83 CVEs
49% Medium · 25% High · 0% Critical.
Monthly Counts — 2006
CVE counts by month and severity
May was the most active month with 12 CVEs — 14% of 2006's total. February (1) had the lowest volume.
| Month | Total | Critical | High | Medium | Low | Share of year |
|---|---|---|---|---|---|---|
| January | 6 | 0 | 2 | 2 | 2 | 7% |
| February | 1 | 0 | 0 | 1 | 0 | 1% |
| March | 10 | 0 | 2 | 2 | 6 | 12% |
| April | 9 | 0 | 1 | 5 | 3 | 11% |
| May | 12 | 0 | 4 | 5 | 3 | 14% |
| June | 5 | 0 | 1 | 3 | 1 | 6% |
| July | 5 | 0 | 2 | 3 | 0 | 6% |
| August | 5 | 0 | 0 | 5 | 0 | 6% |
| September | 4 | 0 | 2 | 2 | 0 | 5% |
| October | 8 | 0 | 2 | 2 | 4 | 10% |
| November | 10 | 0 | 1 | 8 | 1 | 12% |
| December | 8 | 0 | 4 | 3 | 1 | 10% |
| Total | 83 | 0 | 21 | 41 | 21 | |
All CVEs — 2006
83 CVEs
| CVE ID | Package | Severity | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2006-1523 | linux | High | 10.0 | 2006-04-12 | The __group_complete_signal function in the RCU signal handling (signal.c) in Linux kernel 2.6.16, and possibly other v… |
| CVE-2006-1368 | linux | High | 10.0 | 2006-03-23 | Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cau… |
| CVE-2006-1857 | linux | High | 9.0 | 2006-05-22 | Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) a… |
| CVE-2006-6333 | linux | High | 7.8 | 2006-12-06 | The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the wrong flag to the ip_summed field, which allows remot… |
| CVE-2006-4623 | linux | High | 7.8 | 2006-09-11 | The Unidirectional Lightweight Encapsulation (ULE) decapsulation component in dvb-core/dvb_net.c in the dvb driver in t… |
| CVE-2006-4663 | linux | High | 7.8 | 2006-09-09 | The source code tar archive of the Linux kernel 2.6.16, 2.6.17.11, and possibly other versions specifies weak permissio… |
| CVE-2006-3468 | linux | High | 7.8 | 2006-07-21 | Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system pan… |
| CVE-2006-2936 | linux | High | 7.8 | 2006-07-10 | The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows loc… |
| CVE-2006-3085 | linux | High | 7.8 | 2006-06-23 | xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers to cause a denial of service (infinite loop) via… |
| CVE-2006-2444 | linux | High | 7.8 | 2006-05-25 | The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause… |
2006 Linux Kernel CVE Highlights
- Volume without critical severity: Despite high CVE volume, 2006 produced no Critical-rated vulnerabilities, and 49% of 2006 CVEs are Medium severity. The raw count therefore does not represent a proportional level of high-severity risk.
- Monthly variation: CVE publication in 2006 was uneven across months. May was the most active with 12 CVEs; February (1) had the lowest volume. Monthly spikes typically correspond to coordinated batches of backfilled CVEs being processed at once.