Exploit-db.com lists 1,214 exploits related to Linux. The Metasploit query "grep -c exploit search platform:linux" returns a count of 293 Linux exploit modules. The following table summarizes some of the most notable Linux vulnerabilities of all time.
Exploits and Tutorials
Uses an existing function in the C library, which eliminates the need for the attacker to inject their own shellcode to take control of a target. The result is arbitrary code execution and escalation of privilege.
Under certain conditions, this vulnerability allows attackers to circumvent protections and execute commands that would normally require a password, resulting in privilege escalation.
Exploit-db.com lists 24 sudo-related exploits.
Sticky bits are permission bits set on (mostly) directories. They permit only the owner to delete or rename files in that directory. They are especially useful in the shared directories /var/tmp and /tmp. Sticky bit exploits can be disruptive and cause denial of service.
SUID allows a user to run a command as another user. It is often used by administrators to change a user's password. When an application needs to run as the owner, an SUID permissions bit is set to allow this. A number of executables that use SUID are poorly coded and can allow an attacker to escalate privilege.
Note: This same technique can be used for setting the group ID (SGID).
Dirty COW Bug
A race condition in mm/gup.c arises from incorrect handling of the copy-on-write (COW) feature by the kernel memory subsystem and can be triggered through /proc/self/mem. It allows writing to private, read-only memory mappings. Affects Linux kernel 2.6.22 < 3.9 (x86/x64). CVE-2016-5195.
Five Year Bug
A race condition created by raw mode PTY local echo permits privilege escalation. Affects Linux kernel 3.14-rc1 < 3.15-rc4 (x64). CVE-2014-0196.
Remote Root Flaw
Unsafe second checksum in udp.c can give a remote attacker complete control of a system via UDP traffic. Affects pre-4.5 Linux kernel. CVE-2016-10229.
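The sticky bit and SUID/SGID entries above can be checked on a host with a permission audit. The following is an added example, not part of the original page: the function names classify and audit and the default scan path /usr/bin are assumptions chosen for illustration. It reports SUID and SGID executables and world-writable directories that lack the sticky bit.

```python
import os
import stat
import sys

def classify(mode):
    """Return the audit findings for one st_mode value."""
    findings = []
    if stat.S_ISREG(mode):
        if mode & stat.S_ISUID:
            findings.append("suid")
        # Linux honours SGID on exec only when group-execute is also set.
        if mode & stat.S_ISGID and mode & stat.S_IXGRP:
            findings.append("sgid")
    elif stat.S_ISDIR(mode):
        # Without the sticky bit, any user can delete or rename others' files here.
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append("world-writable-no-sticky")
    return findings

def audit(root):
    """Scan root and everything below it; return sorted (path, finding, owner_uid)."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    results = []
    for path in paths:
        try:
            st = os.lstat(path)  # lstat: judge the link itself, never its target
        except OSError:
            continue  # entry vanished or is unreadable; skip it
        for finding in classify(st.st_mode):
            results.append((path, finding, st.st_uid))
    return sorted(results)

if __name__ == "__main__":
    # Assumed default scan root for illustration; pass another path as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"
    for path, finding, uid in audit(target):
        print(f"{finding:26} uid={uid:<6} {path}")
```

Comparing the output against a known-good baseline for the distribution highlights SUID/SGID binaries that were added after installation.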