In 2011, 84 Linux kernel CVEs were published, sourced from the NIST National Vulnerability Database. Of these, 0 were rated Critical and 22 High severity. Compared to 2010's 127 CVEs, 2011 represented a decrease of 34% year-on-year. January was the most active month, with 23 CVEs published.
Monthly CVE Breakdown — 2011
CVEs published per month with severity breakdown
January (23) was the most active month in 2011. Together the top months account for a significant share of 2011's 84 total CVEs. October (3) had the lowest volume.
Severity Distribution — 2011
Breakdown across 84 CVEs
52% Medium · 26% High · 0% Critical.
Monthly Counts — 2011
CVE counts by month and severity
January was the most active month with 23 CVEs — 27% of 2011's total. October (3) had the lowest volume.
| Month | Total | Critical | High | Medium | Low | Share of year |
|---|---|---|---|---|---|---|
| January | 23 | 0 | 4 | 13 | 6 | 27% |
| February | 9 | 0 | 3 | 3 | 3 | 11% |
| March | 5 | 0 | 1 | 3 | 1 | 6% |
| April | 4 | 0 | 0 | 2 | 2 | 5% |
| May | 17 | 0 | 6 | 11 | 0 | 20% |
| June | 7 | 0 | 2 | 2 | 3 | 8% |
| July | 7 | 0 | 2 | 3 | 2 | 8% |
| August | 4 | 0 | 1 | 3 | 0 | 5% |
| September | 5 | 0 | 2 | 2 | 1 | 6% |
| October | 3 | 0 | 1 | 2 | 0 | 4% |
| Total | 84 | 0 | 22 | 44 | 18 | |
All CVEs — 2011
84 CVEs
| CVE ID | Package | Severity | CVSS | Published | Description | |
|---|---|---|---|---|---|---|
| CVE-2011-1581 | linux | High | 9.0 | 2011-05-26 | The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network dev… | |
| CVE-2011-2497 | linux | High | 8.3 | 2011-08-29 | Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows … | |
| CVE-2010-4263 | linux | High | 7.9 | 2011-01-18 | The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Lin… | |
| CVE-2011-1771 | linux | High | 7.8 | 2011-09-06 | The cifs_close function in fs/cifs/file.c in the Linux kernel before 2.6.39 allows local users to cause a denial of ser… | |
| CVE-2010-4656 | linux | High | 7.8 | 2011-07-18 | The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly alloca… | |
| CVE-2011-1093 | linux | High | 7.8 | 2011-07-18 | The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementati… | |
| CVE-2011-2534 | linux | High | 7.8 | 2011-06-22 | Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before 2… | |
| CVE-2010-4164 | linux | High | 7.8 | 2011-01-03 | Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before… | |
| CVE-2011-2189 | linux | High | 7.5 | 2011-10-10 | net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cl… | |
| CVE-2011-1770 | linux | High | 7.5 | 2011-06-24 | Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows r… | |
2011 Linux Kernel CVE Highlights
- Volume without critical severity
  Despite the volume of CVEs, 2011 produced no Critical-rated vulnerabilities. 52% of 2011 CVEs are Medium severity. The raw CVE count therefore does not represent a proportional amount of high-severity risk.
- Monthly variation
  CVE publication in 2011 was uneven across months. January was the most active with 23 CVEs. October (3) had the lowest volume. Monthly spikes typically correspond to coordinated batches of backfilled CVEs being processed at once.