In 2008, 80 Linux kernel CVEs were published, sourced from the NIST National Vulnerability Database. Of these, 0 were rated Critical and 32 High severity. Compared to 2007's 75 CVEs, 2008 represented an increase of 7% year-on-year. May was the most active month, with 11 CVEs published.
Monthly CVE Breakdown — 2008
CVEs published per month with severity breakdown
May (11) was the most active month in 2008. Together the top months account for a significant share of 2008's 80 total CVEs. April (1) had the lowest volume.
Severity Distribution — 2008
Breakdown across 80 CVEs
48% Medium · 40% High · 0% Critical.
Monthly Counts — 2008
CVE counts by month and severity
May was the most active month with 11 CVEs — 14% of 2008's total. April (1) had the lowest volume.
| Month | Total | Critical | High | Medium | Low | Share of year |
|---|---|---|---|---|---|---|
| January | 3 | 0 | 2 | 0 | 1 | 4% |
| February | 7 | 0 | 4 | 1 | 2 | 9% |
| March | 2 | 0 | 1 | 1 | 0 | 2% |
| April | 1 | 0 | 0 | 1 | 0 | 1% |
| May | 11 | 0 | 3 | 6 | 2 | 14% |
| June | 7 | 0 | 3 | 4 | 0 | 9% |
| July | 6 | 0 | 3 | 3 | 0 | 8% |
| August | 8 | 0 | 3 | 4 | 1 | 10% |
| September | 11 | 0 | 4 | 4 | 3 | 14% |
| October | 8 | 0 | 2 | 6 | 0 | 10% |
| November | 9 | 0 | 6 | 3 | 0 | 11% |
| December | 7 | 0 | 1 | 5 | 1 | 9% |
| Total | 80 | 0 | 32 | 38 | 10 | |
All CVEs — 2008
80 CVEs
| CVE ID | Package | Severity | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2008-5134 | linux | High | 10.0 | 2008-11-18 | Buffer overflow in the lbs_process_bss function in drivers/net/wireless/libertas/scan.c in the libertas subsystem in th… |
| CVE-2008-3496 | linux | High | 10.0 | 2008-08-06 | Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c i… |
| CVE-2008-1673 | linux | High | 10.0 | 2008-06-10 | The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip… |
| CVE-2008-3915 | linux | High | 9.3 | 2008-09-11 | Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an … |
| CVE-2008-4395 | linux | High | 8.3 | 2008-11-06 | Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arb… |
| CVE-2008-5025 | linux | High | 7.8 | 2008-11-17 | Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1… |
| CVE-2008-5033 | linux | High | 7.8 | 2008-11-10 | The chip_command function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x befo… |
| CVE-2008-4933 | linux | High | 7.8 | 2008-11-05 | Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows a… |
| CVE-2008-4934 | linux | High | 7.8 | 2008-11-05 | The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certa… |
| CVE-2008-4618 | linux | High | 7.8 | 2008-10-21 | The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly hand… |
2008 Linux Kernel CVE Highlights
- Volume without critical severity: Despite high CVE volume, 2008 produced 0 Critical-rated vulnerabilities. 48% of 2008 CVEs are Medium severity. This means the surge in raw numbers does not represent a proportional surge in high-severity risk.
- Monthly variation: CVE publication in 2008 was uneven across months. May was the most active with 11 CVEs. April (1) had the lowest volume. Monthly spikes typically correspond to coordinated batches of backfilled CVEs being processed at once.