ID CVE-2014-3122
Summary The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings.
References
Vulnerable Configurations
  • Linux Kernel 3.0 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.0:rc1
  • Linux Kernel 3.0 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.0:rc2
  • Linux Kernel 3.0 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.0:rc3
  • Linux Kernel 3.0 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.0:rc4
  • Linux Kernel 3.0 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.0:rc5
  • Linux Kernel 3.0 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.0:rc6
  • Linux Kernel 3.0 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.0:rc7
  • Linux Kernel 3.0.1
    cpe:2.3:o:linux:linux_kernel:3.0.1
  • Linux Kernel 3.0.2
    cpe:2.3:o:linux:linux_kernel:3.0.2
  • Linux Kernel 3.0.3
    cpe:2.3:o:linux:linux_kernel:3.0.3
  • Linux Kernel 3.0.4
    cpe:2.3:o:linux:linux_kernel:3.0.4
  • Linux Kernel 3.0.5
    cpe:2.3:o:linux:linux_kernel:3.0.5
  • Linux Kernel 3.0.6
    cpe:2.3:o:linux:linux_kernel:3.0.6
  • Linux Kernel 3.0.7
    cpe:2.3:o:linux:linux_kernel:3.0.7
  • Linux Kernel 3.0.8
    cpe:2.3:o:linux:linux_kernel:3.0.8
  • Linux Kernel 3.0.9
    cpe:2.3:o:linux:linux_kernel:3.0.9
  • Linux Kernel 3.0.10
    cpe:2.3:o:linux:linux_kernel:3.0.10
  • Linux Kernel 3.0.11
    cpe:2.3:o:linux:linux_kernel:3.0.11
  • Linux Kernel 3.0.12
    cpe:2.3:o:linux:linux_kernel:3.0.12
  • Linux Kernel 3.0.13
    cpe:2.3:o:linux:linux_kernel:3.0.13
  • Linux Kernel 3.0.14
    cpe:2.3:o:linux:linux_kernel:3.0.14
  • Linux Kernel 3.0.15
    cpe:2.3:o:linux:linux_kernel:3.0.15
  • Linux Kernel 3.0.16
    cpe:2.3:o:linux:linux_kernel:3.0.16
  • Linux Kernel 3.0.17
    cpe:2.3:o:linux:linux_kernel:3.0.17
  • Linux Kernel 3.0.18
    cpe:2.3:o:linux:linux_kernel:3.0.18
  • Linux Kernel 3.0.19
    cpe:2.3:o:linux:linux_kernel:3.0.19
  • Linux Kernel 3.0.20
    cpe:2.3:o:linux:linux_kernel:3.0.20
  • Linux Kernel 3.0.21
    cpe:2.3:o:linux:linux_kernel:3.0.21
  • Linux Kernel 3.0.22
    cpe:2.3:o:linux:linux_kernel:3.0.22
  • Linux Kernel 3.0.23
    cpe:2.3:o:linux:linux_kernel:3.0.23
  • Linux Kernel 3.0.24
    cpe:2.3:o:linux:linux_kernel:3.0.24
  • Linux Kernel 3.0.25
    cpe:2.3:o:linux:linux_kernel:3.0.25
  • Linux Kernel 3.0.26
    cpe:2.3:o:linux:linux_kernel:3.0.26
  • Linux Kernel 3.0.27
    cpe:2.3:o:linux:linux_kernel:3.0.27
  • Linux Kernel 3.0.28
    cpe:2.3:o:linux:linux_kernel:3.0.28
  • Linux Kernel 3.0.29
    cpe:2.3:o:linux:linux_kernel:3.0.29
  • Linux Kernel 3.0.30
    cpe:2.3:o:linux:linux_kernel:3.0.30
  • Linux Kernel 3.0.31
    cpe:2.3:o:linux:linux_kernel:3.0.31
  • Linux Kernel 3.0.32
    cpe:2.3:o:linux:linux_kernel:3.0.32
  • Linux Kernel 3.0.33
    cpe:2.3:o:linux:linux_kernel:3.0.33
  • Linux Kernel 3.0.34
    cpe:2.3:o:linux:linux_kernel:3.0.34
  • Linux Kernel 3.0.35
    cpe:2.3:o:linux:linux_kernel:3.0.35
  • Linux Kernel 3.0.36
    cpe:2.3:o:linux:linux_kernel:3.0.36
  • Linux Kernel 3.0.37
    cpe:2.3:o:linux:linux_kernel:3.0.37
  • Linux Kernel 3.0.38
    cpe:2.3:o:linux:linux_kernel:3.0.38
  • Linux Kernel 3.0.39
    cpe:2.3:o:linux:linux_kernel:3.0.39
  • Linux Kernel 3.0.40
    cpe:2.3:o:linux:linux_kernel:3.0.40
  • Linux Kernel 3.0.41
    cpe:2.3:o:linux:linux_kernel:3.0.41
  • Linux Kernel 3.0.42
    cpe:2.3:o:linux:linux_kernel:3.0.42
  • Linux Kernel 3.0.43
    cpe:2.3:o:linux:linux_kernel:3.0.43
  • Linux Kernel 3.0.44
    cpe:2.3:o:linux:linux_kernel:3.0.44
  • Linux Kernel 3.0.45
    cpe:2.3:o:linux:linux_kernel:3.0.45
  • Linux Kernel 3.0.46
    cpe:2.3:o:linux:linux_kernel:3.0.46
  • Linux Kernel 3.0.47
    cpe:2.3:o:linux:linux_kernel:3.0.47
  • Linux Kernel 3.0.48
    cpe:2.3:o:linux:linux_kernel:3.0.48
  • Linux Kernel 3.0.49
    cpe:2.3:o:linux:linux_kernel:3.0.49
  • Linux Kernel 3.0.50
    cpe:2.3:o:linux:linux_kernel:3.0.50
  • Linux Kernel 3.0.51
    cpe:2.3:o:linux:linux_kernel:3.0.51
  • Linux Kernel 3.0.52
    cpe:2.3:o:linux:linux_kernel:3.0.52
  • Linux Kernel 3.0.53
    cpe:2.3:o:linux:linux_kernel:3.0.53
  • Linux Kernel 3.0.54
    cpe:2.3:o:linux:linux_kernel:3.0.54
  • Linux Kernel 3.0.55
    cpe:2.3:o:linux:linux_kernel:3.0.55
  • Linux Kernel 3.0.56
    cpe:2.3:o:linux:linux_kernel:3.0.56
  • Linux Kernel 3.0.57
    cpe:2.3:o:linux:linux_kernel:3.0.57
  • Linux Kernel 3.0.58
    cpe:2.3:o:linux:linux_kernel:3.0.58
  • Linux Kernel 3.0.59
    cpe:2.3:o:linux:linux_kernel:3.0.59
  • Linux Kernel 3.0.60
    cpe:2.3:o:linux:linux_kernel:3.0.60
  • Linux Kernel 3.0.61
    cpe:2.3:o:linux:linux_kernel:3.0.61
  • Linux Kernel 3.0.62
    cpe:2.3:o:linux:linux_kernel:3.0.62
  • Linux Kernel 3.0.63
    cpe:2.3:o:linux:linux_kernel:3.0.63
  • Linux Kernel 3.0.64
    cpe:2.3:o:linux:linux_kernel:3.0.64
  • Linux Kernel 3.0.65
    cpe:2.3:o:linux:linux_kernel:3.0.65
  • Linux Kernel 3.0.66
    cpe:2.3:o:linux:linux_kernel:3.0.66
  • Linux Kernel 3.0.67
    cpe:2.3:o:linux:linux_kernel:3.0.67
  • Linux Kernel 3.0.68
    cpe:2.3:o:linux:linux_kernel:3.0.68
  • Linux Kernel 3.1
    cpe:2.3:o:linux:linux_kernel:3.1
  • Linux Kernel 3.1 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.1:rc1
  • Linux Kernel 3.1 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.1:rc2
  • Linux Kernel 3.1 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.1:rc3
  • Linux Kernel 3.1 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.1:rc4
  • Linux Kernel 3.1.1
    cpe:2.3:o:linux:linux_kernel:3.1.1
  • Linux Kernel 3.1.2
    cpe:2.3:o:linux:linux_kernel:3.1.2
  • Linux Kernel 3.1.3
    cpe:2.3:o:linux:linux_kernel:3.1.3
  • Linux Kernel 3.1.4
    cpe:2.3:o:linux:linux_kernel:3.1.4
  • Linux Kernel 3.1.5
    cpe:2.3:o:linux:linux_kernel:3.1.5
  • Linux Kernel 3.1.6
    cpe:2.3:o:linux:linux_kernel:3.1.6
  • Linux Kernel 3.1.7
    cpe:2.3:o:linux:linux_kernel:3.1.7
  • Linux Kernel 3.1.8
    cpe:2.3:o:linux:linux_kernel:3.1.8
  • Linux Kernel 3.1.9
    cpe:2.3:o:linux:linux_kernel:3.1.9
  • Linux Kernel 3.1.10
    cpe:2.3:o:linux:linux_kernel:3.1.10
  • Linux Kernel 3.2
    cpe:2.3:o:linux:linux_kernel:3.2
  • Linux Kernel 3.2 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.2:rc2
  • Linux Kernel 3.2 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.2:rc3
  • Linux Kernel 3.2 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.2:rc4
  • Linux Kernel 3.2 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.2:rc5
  • Linux Kernel 3.2 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.2:rc6
  • Linux Kernel 3.2 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.2:rc7
  • Linux Kernel 3.2.1
    cpe:2.3:o:linux:linux_kernel:3.2.1
  • Linux Kernel 3.2.2
    cpe:2.3:o:linux:linux_kernel:3.2.2
  • Linux Kernel 3.2.3
    cpe:2.3:o:linux:linux_kernel:3.2.3
  • Linux Kernel 3.2.4
    cpe:2.3:o:linux:linux_kernel:3.2.4
  • Linux Kernel 3.2.5
    cpe:2.3:o:linux:linux_kernel:3.2.5
  • Linux Kernel 3.2.6
    cpe:2.3:o:linux:linux_kernel:3.2.6
  • Linux Kernel 3.2.7
    cpe:2.3:o:linux:linux_kernel:3.2.7
  • Linux Kernel 3.2.8
    cpe:2.3:o:linux:linux_kernel:3.2.8
  • Linux Kernel 3.2.9
    cpe:2.3:o:linux:linux_kernel:3.2.9
  • Linux Kernel 3.2.10
    cpe:2.3:o:linux:linux_kernel:3.2.10
  • Linux Kernel 3.2.11
    cpe:2.3:o:linux:linux_kernel:3.2.11
  • Linux Kernel 3.2.12
    cpe:2.3:o:linux:linux_kernel:3.2.12
  • Linux Kernel 3.2.13
    cpe:2.3:o:linux:linux_kernel:3.2.13
  • Linux Kernel 3.2.14
    cpe:2.3:o:linux:linux_kernel:3.2.14
  • Linux Kernel 3.2.15
    cpe:2.3:o:linux:linux_kernel:3.2.15
  • Linux Kernel 3.2.16
    cpe:2.3:o:linux:linux_kernel:3.2.16
  • Linux Kernel 3.2.17
    cpe:2.3:o:linux:linux_kernel:3.2.17
  • Linux Kernel 3.2.18
    cpe:2.3:o:linux:linux_kernel:3.2.18
  • Linux Kernel 3.2.19
    cpe:2.3:o:linux:linux_kernel:3.2.19
  • Linux Kernel 3.2.20
    cpe:2.3:o:linux:linux_kernel:3.2.20
  • Linux Kernel 3.2.21
    cpe:2.3:o:linux:linux_kernel:3.2.21
  • Linux Kernel 3.2.22
    cpe:2.3:o:linux:linux_kernel:3.2.22
  • Linux Kernel 3.2.23
    cpe:2.3:o:linux:linux_kernel:3.2.23
  • Linux Kernel 3.2.24
    cpe:2.3:o:linux:linux_kernel:3.2.24
  • Linux Kernel 3.2.25
    cpe:2.3:o:linux:linux_kernel:3.2.25
  • Linux Kernel 3.2.26
    cpe:2.3:o:linux:linux_kernel:3.2.26
  • Linux Kernel 3.2.27
    cpe:2.3:o:linux:linux_kernel:3.2.27
  • Linux Kernel 3.2.28
    cpe:2.3:o:linux:linux_kernel:3.2.28
  • Linux Kernel 3.2.29
    cpe:2.3:o:linux:linux_kernel:3.2.29
  • Linux Kernel 3.2.30
    cpe:2.3:o:linux:linux_kernel:3.2.30
  • Linux Kernel 3.3
    cpe:2.3:o:linux:linux_kernel:3.3
  • Linux Kernel 3.3 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.3:rc1
  • Linux Kernel 3.3 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.3:rc2
  • Linux Kernel 3.3 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.3:rc3
  • Linux Kernel 3.3 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.3:rc4
  • Linux Kernel 3.3 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.3:rc5
  • Linux Kernel 3.3 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.3:rc6
  • Linux Kernel 3.3 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.3:rc7
  • Linux Kernel 3.3.1
    cpe:2.3:o:linux:linux_kernel:3.3.1
  • Linux Kernel 3.3.2
    cpe:2.3:o:linux:linux_kernel:3.3.2
  • Linux Kernel 3.3.3
    cpe:2.3:o:linux:linux_kernel:3.3.3
  • Linux Kernel 3.3.4
    cpe:2.3:o:linux:linux_kernel:3.3.4
  • Linux Kernel 3.3.5
    cpe:2.3:o:linux:linux_kernel:3.3.5
  • Linux Kernel 3.3.6
    cpe:2.3:o:linux:linux_kernel:3.3.6
  • Linux Kernel 3.3.7
    cpe:2.3:o:linux:linux_kernel:3.3.7
  • Linux Kernel 3.3.8
    cpe:2.3:o:linux:linux_kernel:3.3.8
  • Linux Kernel 3.4
    cpe:2.3:o:linux:linux_kernel:3.4
  • Linux Kernel 3.4 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.4:rc1
  • Linux Kernel 3.4 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.4:rc2
  • Linux Kernel 3.4 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.4:rc3
  • Linux Kernel 3.4 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.4:rc4
  • Linux Kernel 3.4 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.4:rc5
  • Linux Kernel 3.4 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.4:rc6
  • Linux Kernel 3.4 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.4:rc7
  • Linux Kernel 3.4.1
    cpe:2.3:o:linux:linux_kernel:3.4.1
  • Linux Kernel 3.4.2
    cpe:2.3:o:linux:linux_kernel:3.4.2
  • Linux Kernel 3.4.3
    cpe:2.3:o:linux:linux_kernel:3.4.3
  • Linux Kernel 3.4.4
    cpe:2.3:o:linux:linux_kernel:3.4.4
  • Linux Kernel 3.4.5
    cpe:2.3:o:linux:linux_kernel:3.4.5
  • Linux Kernel 3.4.6
    cpe:2.3:o:linux:linux_kernel:3.4.6
  • Linux Kernel 3.4.7
    cpe:2.3:o:linux:linux_kernel:3.4.7
  • Linux Kernel 3.4.8
    cpe:2.3:o:linux:linux_kernel:3.4.8
  • Linux Kernel 3.4.9
    cpe:2.3:o:linux:linux_kernel:3.4.9
  • Linux Kernel 3.4.10
    cpe:2.3:o:linux:linux_kernel:3.4.10
  • Linux Kernel 3.4.11
    cpe:2.3:o:linux:linux_kernel:3.4.11
  • Linux Kernel 3.4.12
    cpe:2.3:o:linux:linux_kernel:3.4.12
  • Linux Kernel 3.4.13
    cpe:2.3:o:linux:linux_kernel:3.4.13
  • Linux Kernel 3.4.14
    cpe:2.3:o:linux:linux_kernel:3.4.14
  • Linux Kernel 3.4.15
    cpe:2.3:o:linux:linux_kernel:3.4.15
  • Linux Kernel 3.4.16
    cpe:2.3:o:linux:linux_kernel:3.4.16
  • Linux Kernel 3.4.17
    cpe:2.3:o:linux:linux_kernel:3.4.17
  • Linux Kernel 3.4.18
    cpe:2.3:o:linux:linux_kernel:3.4.18
  • Linux Kernel 3.4.19
    cpe:2.3:o:linux:linux_kernel:3.4.19
  • Linux Kernel 3.4.20
    cpe:2.3:o:linux:linux_kernel:3.4.20
  • Linux Kernel 3.4.21
    cpe:2.3:o:linux:linux_kernel:3.4.21
  • Linux Kernel 3.4.22
    cpe:2.3:o:linux:linux_kernel:3.4.22
  • Linux Kernel 3.4.23
    cpe:2.3:o:linux:linux_kernel:3.4.23
  • Linux Kernel 3.4.24
    cpe:2.3:o:linux:linux_kernel:3.4.24
  • Linux Kernel 3.4.25
    cpe:2.3:o:linux:linux_kernel:3.4.25
  • Linux Kernel 3.4.26
    cpe:2.3:o:linux:linux_kernel:3.4.26
  • Linux Kernel 3.4.27
    cpe:2.3:o:linux:linux_kernel:3.4.27
  • Linux Kernel 3.4.28
    cpe:2.3:o:linux:linux_kernel:3.4.28
  • Linux Kernel 3.4.29
    cpe:2.3:o:linux:linux_kernel:3.4.29
  • Linux Kernel 3.4.30
    cpe:2.3:o:linux:linux_kernel:3.4.30
  • Linux Kernel 3.4.31
    cpe:2.3:o:linux:linux_kernel:3.4.31
  • Linux Kernel 3.4.32
    cpe:2.3:o:linux:linux_kernel:3.4.32
  • Linux Kernel 3.4.33
    cpe:2.3:o:linux:linux_kernel:3.4.33
  • Linux Kernel 3.4.34
    cpe:2.3:o:linux:linux_kernel:3.4.34
  • Linux Kernel 3.4.35
    cpe:2.3:o:linux:linux_kernel:3.4.35
  • Linux Kernel 3.4.36
    cpe:2.3:o:linux:linux_kernel:3.4.36
  • Linux Kernel 3.4.37
    cpe:2.3:o:linux:linux_kernel:3.4.37
  • Linux Kernel 3.4.38
    cpe:2.3:o:linux:linux_kernel:3.4.38
  • Linux Kernel 3.4.39
    cpe:2.3:o:linux:linux_kernel:3.4.39
  • Linux Kernel 3.4.40
    cpe:2.3:o:linux:linux_kernel:3.4.40
  • Linux Kernel 3.4.41
    cpe:2.3:o:linux:linux_kernel:3.4.41
  • Linux Kernel 3.4.42
    cpe:2.3:o:linux:linux_kernel:3.4.42
  • Linux Kernel 3.4.43
    cpe:2.3:o:linux:linux_kernel:3.4.43
  • Linux Kernel 3.4.44
    cpe:2.3:o:linux:linux_kernel:3.4.44
  • Linux Kernel 3.4.45
    cpe:2.3:o:linux:linux_kernel:3.4.45
  • Linux Kernel 3.4.46
    cpe:2.3:o:linux:linux_kernel:3.4.46
  • Linux Kernel 3.4.47
    cpe:2.3:o:linux:linux_kernel:3.4.47
  • Linux Kernel 3.4.48
    cpe:2.3:o:linux:linux_kernel:3.4.48
  • Linux Kernel 3.4.49
    cpe:2.3:o:linux:linux_kernel:3.4.49
  • Linux Kernel 3.4.50
    cpe:2.3:o:linux:linux_kernel:3.4.50
  • Linux Kernel 3.4.51
    cpe:2.3:o:linux:linux_kernel:3.4.51
  • Linux Kernel 3.4.52
    cpe:2.3:o:linux:linux_kernel:3.4.52
  • Linux Kernel 3.4.53
    cpe:2.3:o:linux:linux_kernel:3.4.53
  • Linux Kernel 3.4.54
    cpe:2.3:o:linux:linux_kernel:3.4.54
  • Linux Kernel 3.4.55
    cpe:2.3:o:linux:linux_kernel:3.4.55
  • Linux Kernel 3.4.56
    cpe:2.3:o:linux:linux_kernel:3.4.56
  • Linux Kernel 3.4.57
    cpe:2.3:o:linux:linux_kernel:3.4.57
  • Linux Kernel 3.4.58
    cpe:2.3:o:linux:linux_kernel:3.4.58
  • Linux Kernel 3.4.59
    cpe:2.3:o:linux:linux_kernel:3.4.59
  • Linux Kernel 3.4.60
    cpe:2.3:o:linux:linux_kernel:3.4.60
  • Linux Kernel 3.4.61
    cpe:2.3:o:linux:linux_kernel:3.4.61
  • Linux Kernel 3.4.62
    cpe:2.3:o:linux:linux_kernel:3.4.62
  • Linux Kernel 3.4.63
    cpe:2.3:o:linux:linux_kernel:3.4.63
  • Linux Kernel 3.4.64
    cpe:2.3:o:linux:linux_kernel:3.4.64
  • Linux Kernel 3.4.65
    cpe:2.3:o:linux:linux_kernel:3.4.65
  • Linux Kernel 3.4.66
    cpe:2.3:o:linux:linux_kernel:3.4.66
  • Linux Kernel 3.4.67
    cpe:2.3:o:linux:linux_kernel:3.4.67
  • Linux Kernel 3.4.68
    cpe:2.3:o:linux:linux_kernel:3.4.68
  • Linux Kernel 3.4.69
    cpe:2.3:o:linux:linux_kernel:3.4.69
  • Linux Kernel 3.4.70
    cpe:2.3:o:linux:linux_kernel:3.4.70
  • Linux Kernel 3.4.71
    cpe:2.3:o:linux:linux_kernel:3.4.71
  • Linux Kernel 3.4.72
    cpe:2.3:o:linux:linux_kernel:3.4.72
  • Linux Kernel 3.4.73
    cpe:2.3:o:linux:linux_kernel:3.4.73
  • Linux Kernel 3.4.74
    cpe:2.3:o:linux:linux_kernel:3.4.74
  • Linux Kernel 3.4.75
    cpe:2.3:o:linux:linux_kernel:3.4.75
  • Linux Kernel 3.4.76
    cpe:2.3:o:linux:linux_kernel:3.4.76
  • Linux Kernel 3.4.77
    cpe:2.3:o:linux:linux_kernel:3.4.77
  • Linux Kernel 3.4.78
    cpe:2.3:o:linux:linux_kernel:3.4.78
  • Linux Kernel 3.4.79
    cpe:2.3:o:linux:linux_kernel:3.4.79
  • Linux Kernel 3.5.1
    cpe:2.3:o:linux:linux_kernel:3.5.1
  • Linux Kernel 3.5.2
    cpe:2.3:o:linux:linux_kernel:3.5.2
  • Linux Kernel 3.5.3
    cpe:2.3:o:linux:linux_kernel:3.5.3
  • Linux Kernel 3.5.4
    cpe:2.3:o:linux:linux_kernel:3.5.4
  • Linux Kernel 3.5.5
    cpe:2.3:o:linux:linux_kernel:3.5.5
  • Linux Kernel 3.5.6
    cpe:2.3:o:linux:linux_kernel:3.5.6
  • Linux Kernel 3.5.7
    cpe:2.3:o:linux:linux_kernel:3.5.7
  • Linux Kernel 3.6
    cpe:2.3:o:linux:linux_kernel:3.6
  • Linux Kernel 3.6.1
    cpe:2.3:o:linux:linux_kernel:3.6.1
  • Linux Kernel 3.6.2
    cpe:2.3:o:linux:linux_kernel:3.6.2
  • Linux Kernel 3.6.3
    cpe:2.3:o:linux:linux_kernel:3.6.3
  • Linux Kernel 3.6.4
    cpe:2.3:o:linux:linux_kernel:3.6.4
  • Linux Kernel 3.6.5
    cpe:2.3:o:linux:linux_kernel:3.6.5
  • Linux Kernel 3.6.6
    cpe:2.3:o:linux:linux_kernel:3.6.6
  • Linux Kernel 3.6.7
    cpe:2.3:o:linux:linux_kernel:3.6.7
  • Linux Kernel 3.6.8
    cpe:2.3:o:linux:linux_kernel:3.6.8
  • Linux Kernel 3.6.9
    cpe:2.3:o:linux:linux_kernel:3.6.9
  • Linux Kernel 3.6.10
    cpe:2.3:o:linux:linux_kernel:3.6.10
  • Linux Kernel 3.6.11
    cpe:2.3:o:linux:linux_kernel:3.6.11
  • Linux Kernel 3.7
    cpe:2.3:o:linux:linux_kernel:3.7
  • Linux Kernel 3.7.1
    cpe:2.3:o:linux:linux_kernel:3.7.1
  • Linux Kernel 3.7.2
    cpe:2.3:o:linux:linux_kernel:3.7.2
  • Linux Kernel 3.7.3
    cpe:2.3:o:linux:linux_kernel:3.7.3
  • Linux Kernel 3.7.4
    cpe:2.3:o:linux:linux_kernel:3.7.4
  • Linux Kernel 3.7.5
    cpe:2.3:o:linux:linux_kernel:3.7.5
  • Linux Kernel 3.7.6
    cpe:2.3:o:linux:linux_kernel:3.7.6
  • Linux Kernel 3.7.7
    cpe:2.3:o:linux:linux_kernel:3.7.7
  • Linux Kernel 3.7.8
    cpe:2.3:o:linux:linux_kernel:3.7.8
  • Linux Kernel 3.7.9
    cpe:2.3:o:linux:linux_kernel:3.7.9
  • Linux Kernel 3.7.10
    cpe:2.3:o:linux:linux_kernel:3.7.10
  • Linux Kernel 3.8.0
    cpe:2.3:o:linux:linux_kernel:3.8.0
  • Linux Kernel 3.8.1
    cpe:2.3:o:linux:linux_kernel:3.8.1
  • Linux Kernel 3.8.2
    cpe:2.3:o:linux:linux_kernel:3.8.2
  • Linux Kernel 3.8.3
    cpe:2.3:o:linux:linux_kernel:3.8.3
  • Linux Kernel 3.8.4
    cpe:2.3:o:linux:linux_kernel:3.8.4
  • Linux Kernel 3.8.5
    cpe:2.3:o:linux:linux_kernel:3.8.5
  • Linux Kernel 3.8.6
    cpe:2.3:o:linux:linux_kernel:3.8.6
  • Linux Kernel 3.8.7
    cpe:2.3:o:linux:linux_kernel:3.8.7
  • Linux Kernel 3.8.8
    cpe:2.3:o:linux:linux_kernel:3.8.8
  • Linux Kernel 3.8.9
    cpe:2.3:o:linux:linux_kernel:3.8.9
  • Linux Kernel 3.8.10
    cpe:2.3:o:linux:linux_kernel:3.8.10
  • Linux Kernel 3.8.11
    cpe:2.3:o:linux:linux_kernel:3.8.11
  • Linux Kernel 3.8.12
    cpe:2.3:o:linux:linux_kernel:3.8.12
  • Linux Kernel 3.8.13
    cpe:2.3:o:linux:linux_kernel:3.8.13
  • Linux Kernel 3.9 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.9:rc1
  • Linux Kernel 3.9 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.9:rc2
  • Linux Kernel 3.9 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.9:rc3
  • Linux Kernel 3.9 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.9:rc4
  • Linux Kernel 3.9 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.9:rc5
  • Linux Kernel 3.9 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.9:rc6
  • Linux Kernel 3.9 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.9:rc7
  • Linux Kernel 3.9.0
    cpe:2.3:o:linux:linux_kernel:3.9.0
  • Linux Kernel 3.9.1
    cpe:2.3:o:linux:linux_kernel:3.9.1
  • Linux Kernel 3.9.2
    cpe:2.3:o:linux:linux_kernel:3.9.2
  • Linux Kernel 3.9.3
    cpe:2.3:o:linux:linux_kernel:3.9.3
  • Linux Kernel 3.9.4
    cpe:2.3:o:linux:linux_kernel:3.9.4
  • Linux Kernel 3.9.5
    cpe:2.3:o:linux:linux_kernel:3.9.5
  • Linux Kernel 3.9.6
    cpe:2.3:o:linux:linux_kernel:3.9.6
  • Linux Kernel 3.9.7
    cpe:2.3:o:linux:linux_kernel:3.9.7
  • Linux Kernel 3.9.8
    cpe:2.3:o:linux:linux_kernel:3.9.8
  • Linux Kernel 3.9.9
    cpe:2.3:o:linux:linux_kernel:3.9.9
  • Linux Kernel 3.9.10
    cpe:2.3:o:linux:linux_kernel:3.9.10
  • Linux Kernel 3.9.11
    cpe:2.3:o:linux:linux_kernel:3.9.11
  • Linux Kernel 3.10
    cpe:2.3:o:linux:linux_kernel:3.10
  • Linux Kernel 3.10.1
    cpe:2.3:o:linux:linux_kernel:3.10.1
  • Linux Kernel 3.10.2
    cpe:2.3:o:linux:linux_kernel:3.10.2
  • Linux Kernel 3.10.3
    cpe:2.3:o:linux:linux_kernel:3.10.3
  • Linux Kernel 3.10.4
    cpe:2.3:o:linux:linux_kernel:3.10.4
  • Linux Kernel 3.10.5
    cpe:2.3:o:linux:linux_kernel:3.10.5
  • Linux Kernel 3.10.6
    cpe:2.3:o:linux:linux_kernel:3.10.6
  • Linux Kernel 3.10.7
    cpe:2.3:o:linux:linux_kernel:3.10.7
  • Linux Kernel 3.10.8
    cpe:2.3:o:linux:linux_kernel:3.10.8
  • Linux Kernel 3.10.9
    cpe:2.3:o:linux:linux_kernel:3.10.9
  • Linux Kernel 3.10.10
    cpe:2.3:o:linux:linux_kernel:3.10.10
  • Linux Kernel 3.10.11
    cpe:2.3:o:linux:linux_kernel:3.10.11
  • Linux Kernel 3.10.2
    cpe:2.3:o:linux:linux_kernel:3.10.12
  • Linux Kernel 3.10.13
    cpe:2.3:o:linux:linux_kernel:3.10.13
  • Linux Kernel 3.10.14
    cpe:2.3:o:linux:linux_kernel:3.10.14
  • Linux Kernel 3.10.15
    cpe:2.3:o:linux:linux_kernel:3.10.15
  • Linux Kernel 3.10.16
    cpe:2.3:o:linux:linux_kernel:3.10.16
  • Linux Kernel 3.10.17
    cpe:2.3:o:linux:linux_kernel:3.10.17
  • Linux Kernel 3.10.18
    cpe:2.3:o:linux:linux_kernel:3.10.18
  • Linux Kernel 3.10.19
    cpe:2.3:o:linux:linux_kernel:3.10.19
  • Linux Kernel 3.10.20
    cpe:2.3:o:linux:linux_kernel:3.10.20
  • Linux Kernel 3.10.21
    cpe:2.3:o:linux:linux_kernel:3.10.21
  • Linux Kernel 3.10.22
    cpe:2.3:o:linux:linux_kernel:3.10.22
  • Linux Kernel 3.10.23
    cpe:2.3:o:linux:linux_kernel:3.10.23
  • Linux Kernel 3.10.24
    cpe:2.3:o:linux:linux_kernel:3.10.24
  • Linux Kernel 3.10.25
    cpe:2.3:o:linux:linux_kernel:3.10.25
  • Linux Kernel 3.10.26
    cpe:2.3:o:linux:linux_kernel:3.10.26
  • Linux Kernel 3.10.27
    cpe:2.3:o:linux:linux_kernel:3.10.27
  • Linux Kernel 3.10.28
    cpe:2.3:o:linux:linux_kernel:3.10.28
  • Linux Kernel 3.10.29
    cpe:2.3:o:linux:linux_kernel:3.10.29
  • Linux Kernel 3.11
    cpe:2.3:o:linux:linux_kernel:3.11
  • Linux Kernel 3.11.1
    cpe:2.3:o:linux:linux_kernel:3.11.1
  • Linux Kernel 3.11.2
    cpe:2.3:o:linux:linux_kernel:3.11.2
  • Linux Kernel 3.11.3
    cpe:2.3:o:linux:linux_kernel:3.11.3
  • Linux Kernel 3.11.4
    cpe:2.3:o:linux:linux_kernel:3.11.4
  • Linux Kernel 3.11.5
    cpe:2.3:o:linux:linux_kernel:3.11.5
  • Linux Kernel 3.11.6
    cpe:2.3:o:linux:linux_kernel:3.11.6
  • Linux Kernel 3.11.7
    cpe:2.3:o:linux:linux_kernel:3.11.7
  • Linux Kernel 3.11.8
    cpe:2.3:o:linux:linux_kernel:3.11.8
  • Linux Kernel 3.11.9
    cpe:2.3:o:linux:linux_kernel:3.11.9
  • Linux Kernel 3.11.10
    cpe:2.3:o:linux:linux_kernel:3.11.10
  • Linux Kernel 3.12
    cpe:2.3:o:linux:linux_kernel:3.12
  • Linux Kernel 3.12.1
    cpe:2.3:o:linux:linux_kernel:3.12.1
  • Linux Kernel 3.12.2
    cpe:2.3:o:linux:linux_kernel:3.12.2
  • Linux Kernel 3.12.3
    cpe:2.3:o:linux:linux_kernel:3.12.3
  • Linux Kernel 3.12.4
    cpe:2.3:o:linux:linux_kernel:3.12.4
  • Linux Kernel 3.12.5
    cpe:2.3:o:linux:linux_kernel:3.12.5
  • Linux Kernel 3.12.6
    cpe:2.3:o:linux:linux_kernel:3.12.6
  • Linux Kernel 3.12.7
    cpe:2.3:o:linux:linux_kernel:3.12.7
  • Linux Kernel 3.12.8
    cpe:2.3:o:linux:linux_kernel:3.12.8
  • Linux Kernel 3.12.9
    cpe:2.3:o:linux:linux_kernel:3.12.9
  • Linux Kernel 3.12.10
    cpe:2.3:o:linux:linux_kernel:3.12.10
  • Linux Kernel 3.12.11
    cpe:2.3:o:linux:linux_kernel:3.12.11
  • Linux Kernel 3.12.12
    cpe:2.3:o:linux:linux_kernel:3.12.12
  • Linux Kernel 3.12.13
    cpe:2.3:o:linux:linux_kernel:3.12.13
  • Linux Kernel 3.12.14
    cpe:2.3:o:linux:linux_kernel:3.12.14
  • Linux Kernel 3.12.15
    cpe:2.3:o:linux:linux_kernel:3.12.15
  • Linux Kernel 3.12.16
    cpe:2.3:o:linux:linux_kernel:3.12.16
  • Linux Kernel 3.12.17
    cpe:2.3:o:linux:linux_kernel:3.12.17
  • Linux Kernel 3.13
    cpe:2.3:o:linux:linux_kernel:3.13
  • Linux Kernel 3.13.1
    cpe:2.3:o:linux:linux_kernel:3.13.1
  • Linux Kernel 3.13.2
    cpe:2.3:o:linux:linux_kernel:3.13.2
  • Linux Kernel 3.13.3
    cpe:2.3:o:linux:linux_kernel:3.13.3
  • Linux Kernel 3.13.4
    cpe:2.3:o:linux:linux_kernel:3.13.4
  • Linux Kernel 3.13.5
    cpe:2.3:o:linux:linux_kernel:3.13.5
  • Linux Kernel 3.13.6
    cpe:2.3:o:linux:linux_kernel:3.13.6
  • Linux Kernel 3.13.7
    cpe:2.3:o:linux:linux_kernel:3.13.7
  • Linux Kernel 3.13.8
    cpe:2.3:o:linux:linux_kernel:3.13.8
  • Linux Kernel 3.13.9
    cpe:2.3:o:linux:linux_kernel:3.13.9
  • Linux Kernel 3.13.10
    cpe:2.3:o:linux:linux_kernel:3.13.10
  • Linux Kernel 3.13.11
    cpe:2.3:o:linux:linux_kernel:3.13.11
  • Linux Kernel 3.14
    cpe:2.3:o:linux:linux_kernel:3.14
  • Linux Kernel 3.14 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.14:rc1
  • Linux Kernel 3.14 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.14:rc2
  • Linux Kernel 3.14 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.14:rc3
  • Linux Kernel 3.14 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.14:rc4
  • Linux Kernel 3.14 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.14:rc5
  • Linux Kernel 3.14 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.14:rc6
  • Linux Kernel 3.14 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.14:rc7
  • Linux Kernel 3.14 release candidate 8
    cpe:2.3:o:linux:linux_kernel:3.14:rc8
  • Linux Kernel 3.14.1
    cpe:2.3:o:linux:linux_kernel:3.14.1
  • Linux Kernel 3.14.2
    cpe:2.3:o:linux:linux_kernel:3.14.2
  • Linux Kernel 3.14.3
    cpe:2.3:o:linux:linux_kernel:3.14.3
CVSS
Base: 4.9 (as of 12-05-2014 - 11:14)
Impact:
Exploitability:
CWE CWE-264
CAPEC
  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Blue Boxing
    This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
  • Restful Privilege Elevation
    Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
  • Target Programs with Elevated Privileges
    This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2234-1.NASL
    description Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. (CVE-2014-3153) Dmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6 UDP Fragmentation Offload (UFO) processing. A remote attacker could leverage this flaw to cause a denial of service (system crash). (CVE-2013-4387) Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2013-4470) A flaw was discovered in the Linux kernel's IPC reference counting. An unprivileged local user could exploit this flaw to cause a denial of service (OOM system crash). (CVE-2013-4483) halfdog reported an error in the AMD K7 and K8 platform support in the Linux kernel. An unprivileged local user could exploit this flaw on AMD based systems to cause a denial of service (task kill) or possibly gain privileges via a crafted application. (CVE-2014-1438) Sasha Levin reported a bug in the Linux kernel's virtual memory management subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3122). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 74355
    published 2014-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74355
    title Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2234-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KERNEL-140709.NASL
    description The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed : - The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interfaces own IP address, as demonstrated by rds-ping. (bnc#767610). (CVE-2012-2372) - The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. (bnc#847652). (CVE-2013-2929) - Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device. (bnc#846404). (CVE-2013-4299) - The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. (bnc#851426). (CVE-2013-4579) - Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. (bnc#852553). (CVE-2013-6382) - The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. (bnc#869563). (CVE-2013-7339) - The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors. (bnc#870173). (CVE-2014-0055) - drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. (bnc#870576). (CVE-2014-0077) - The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. (bnc#866102). (CVE-2014-0101) - Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. (bnc#867723). (CVE-2014-0131) - The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced. (bnc#872540). (CVE-2014-0155) - The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869). (CVE-2014-1444) - The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. (bnc#858870). (CVE-2014-1445) - The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. (bnc#858872). (CVE-2014-1446) - The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context. (bnc#863335). (CVE-2014-1874) - The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. (bnc#867531). (CVE-2014-2309) - net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function. (bnc#868653). (CVE-2014-2523) - The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. (bnc#871561). (CVE-2014-2678) - Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. (bnc#873374). (CVE-2014-2851) - The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings. (bnc#876102). (CVE-2014-3122) - The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced. (bnc#877257). (CVE-2014-3144) - The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. (bnc#877257). (CVE-2014-3145) - kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. (bnc#880484). (CVE-2014-3917) - arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number. (CVE-2014-4508) -. (bnc#883724) - Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795). (CVE-2014-4652) - sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795). (CVE-2014-4653) - The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call. (bnc#883795). (CVE-2014-4654) - The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. (bnc#883795). (CVE-2014-4655) - Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function. (bnc#883795). (CVE-2014-4656) - The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls. (bnc#885725). (CVE-2014-4699) Also the following non-security bugs have been fixed : - kernel: avoid page table walk on user space access (bnc#878407, LTC#110316). - spinlock: fix system hang with spin_retry <= 0 (bnc#874145, LTC#110189). - x86/UV: Set n_lshift based on GAM_GR_CONFIG MMR for UV3. (bnc#876176) - x86: Enable multiple CPUs in crash kernel. (bnc#846690) - x86/mce: Fix CMCI preemption bugs. (bnc#786450) - x86, CMCI: Add proper detection of end of CMCI storms. (bnc#786450) - futex: revert back to the explicit waiter counting code. (bnc#851603) - futex: avoid race between requeue and wake. (bnc#851603) - intel-iommu: fix off-by-one in pagetable freeing. (bnc#874577) - ia64: Change default PSR.ac from '1' to '0' (Fix erratum #237). (bnc#874108) - drivers/rtc/interface.c: fix infinite loop in initializing the alarm. (bnc#871676) - drm/ast: Fix double lock at PM resume. (bnc#883380) - drm/ast: add widescreen + rb modes from X.org driver (v2). (bnc#883380) - drm/ast: deal with bo reserve fail in dirty update path. (bnc#883380) - drm/ast: do not attempt to acquire a reservation while in an interrupt handler. (bnc#883380) - drm/ast: fix the ast open key function. (bnc#883380) - drm/ast: fix value check in cbr_scan2. (bnc#883380) - drm/ast: inline reservations. (bnc#883380) - drm/ast: invalidate page tables when pinning a BO. (bnc#883380) - drm/ast: rename the mindwm/moutdwm and deinline them. (bnc#883380) - drm/ast: resync the dram post code with upstream. (bnc#883380) - drm: ast: use drm_can_sleep. (bnc#883380) - drm/ast: use drm_modeset_lock_all. (bnc#883380) - drm/: Unified handling of unimplemented fb->create_handle. (bnc#883380) - drm/mgag200,ast,cirrus: fix regression with drm_can_sleep conversion. (bnc#883380) - drm/mgag200: Consolidate depth/bpp handling. (bnc#882324) - drm/ast: Initialized data needed to map fbdev memory. (bnc#880007) - drm/ast: add AST 2400 support. (bnc#880007) - drm/ast: Initialized data needed to map fbdev memory. (bnc#880007) - drm/mgag200: on cards with < 2MB VRAM default to 16-bit. (bnc#882324) - drm/mgag200: fix typo causing bw limits to be ignored on some chips. (bnc#882324) - drm/ttm: do not oops if no invalidate_caches(). (bnc#869414) - drm/i915: Break encoder->crtc link separately in intel_sanitize_crtc(). (bnc#855126) - dlm: keep listening connection alive with sctp mode. (bnc#881939) - series.conf: Clarify comment about Xen kabi adjustments (bnc#876114#c25) - btrfs: fix a crash when running balance and defrag concurrently. - btrfs: unset DCACHE_DISCONNECTED when mounting default subvol. (bnc#866615) - btrfs: free delayed node outside of root->inode_lock. (bnc#866864) - btrfs: return EPERM when deleting a default subvolume. (bnc#869934) - btrfs: do not loop on large offsets in readdir. (bnc#863300) - sched: Consider pi boosting in setscheduler. - sched: Queue RT tasks to head when prio drops. - sched: Adjust sched_reset_on_fork when nothing else changes. - sched: Fix clock_gettime(CLOCK__CPUTIME_ID) monotonicity. (bnc#880357) - sched: Do not allow scheduler time to go backwards. (bnc#880357) - sched: Make scale_rt_power() deal with backward clocks. (bnc#865310) - sched: Use CPUPRI_NR_PRIORITIES instead of MAX_RT_PRIO in cpupri check. (bnc#871861) - sched: update_rq_clock() must skip ONE update. (bnc#869033, bnc#868528) - tcp: allow to disable cwnd moderation in TCP_CA_Loss state. (bnc#879921) - tcp: clear xmit timers in tcp_v4_syn_recv_sock(). (bnc#862429) - net: add missing bh_unlock_sock() calls. (bnc#862429) - bonding: fix vlan_features computing. (bnc#872634) - vlan: more careful checksum features handling. (bnc#872634) - xfrm: fix race between netns cleanup and state expire notification. (bnc#879957) - xfrm: check peer pointer for null before calling inet_putpeer(). (bnc#877775) - ipv6: do not overwrite inetpeer metrics prematurely. (bnc#867362) - pagecachelimit: reduce lru_lock contention for heavy parallel kabi fixup:. (bnc#878509, bnc#864464) - pagecachelimit: reduce lru_lock contention for heavy parallel reclaim. (bnc#878509, bnc#864464) - TTY: serial, cleanup include file. (bnc#881571) - TTY: serial, fix includes in some drivers. (bnc#881571) - serial_core: Fix race in uart_handle_dcd_change. (bnc#881571) - powerpc/perf: Power8 PMU support. (bnc#832710) - powerpc/perf: Add support for SIER. (bnc#832710) - powerpc/perf: Add regs_no_sipr(). (bnc#832710) - powerpc/perf: Add an accessor for regs->result. (bnc#832710) - powerpc/perf: Convert mmcra_sipr/sihv() to regs_sipr/sihv(). (bnc#832710) - powerpc/perf: Add an explict flag indicating presence of SLOT field. (bnc#832710) - swiotlb: do not assume PA 0 is invalid. (bnc#865882) - lockref: implement lockless reference count updates using cmpxchg() (FATE#317271). - af_iucv: wrong mapping of sent and confirmed skbs (bnc#878407, LTC#110452). - af_iucv: recvmsg problem for SOCK_STREAM sockets (bnc#878407, LTC#110452). - af_iucv: fix recvmsg by replacing skb_pull() function (bnc#878407, LTC#110452). - qla2xxx: Poll during initialization for ISP25xx and ISP83xx. (bnc#837563) - qla2xxx: Fix request queue null dereference. (bnc#859840) - lpfc 8.3.41: Fixed SLI3 failing FCP write on check-condition no-sense with residual zero. (bnc#850915) - reiserfs: call truncate_setsize under tailpack mutex. (bnc#878115) - reiserfs: drop vmtruncate. (bnc#878115) - ipvs: handle IPv6 fragments with one-packet scheduling. (bnc#861980) - kabi: hide modifications of struct sk_buff done by bnc#861980 fix. (bnc#861980) - loop: remove the incorrect write_begin/write_end shortcut. (bnc#878123) - watchdog: hpwdt patch to display informative string. (bnc#862934) - watchdog: hpwdt: Patch to ignore auxilary iLO devices. (bnc#862934) - watchdog: hpwdt: Add check for UEFI bits. (bnc#862934) - watchdog: hpwdt.c: Increase version string. (bnc#862934) - hpilo: Correct panic when an AUX iLO is detected. (bnc#837563) - locking/mutexes: Introduce cancelable MCS lock for adaptive spinning (FATE#317271). - locking/mutexes: Modify the way optimistic spinners are queued (FATE#317271). - locking/mutexes: Return false if task need_resched() in mutex_can_spin_on_owner() (FATE#317271). - mutex: Enable the queuing of mutex spinners with MCS lock (FATE#317271). config: disabled on all flavors - mutex: Queue mutex spinners with MCS lock to reduce cacheline contention (FATE#317271). - memcg: deprecate memory.force_empty knob. (bnc#878274) - kabi: protect struct net from bnc#877013 changes. (bnc#877013) - netfilter: nfnetlink_queue: add net namespace support for nfnetlink_queue. (bnc#877013) - netfilter: make /proc/net/netfilter pernet. (bnc#877013) - netfilter: xt_hashlimit: fix proc entry leak in netns destroy path. (bnc#871634) - netfilter: xt_hashlimit: fix namespace destroy path. (bnc#871634) - netfilter: nf_queue: reject NF_STOLEN verdicts from userspace. (bnc#870877) - netfilter: avoid double free in nf_reinject. (bnc#870877) - netfilter: ctnetlink: fix race between delete and timeout expiration. (bnc#863410) - netfilter: reuse skb->nfct_reasm for ipvs conn reference. (bnc#861980) - mm: per-thread vma caching (FATE#317271). config: enable CONFIG_VMA_CACHE for x86_64/bigsmp - mm, hugetlb: improve page-fault scalability (FATE#317271). - mm: vmscan: Do not throttle based on pfmemalloc reserves if node has no ZONE_NORMAL. (bnc#870496) - mm: fix off-by-one bug in print_nodes_state(). (bnc#792271) - hugetlb: ensure hugepage access is denied if hugepages are not supported (PowerKVM crash when mounting hugetlbfs without hugepage support (bnc#870498)). - SELinux: Increase ebitmap_node size for 64-bit configuration (FATE#317271). - SELinux: Reduce overhead of mls_level_isvalid() function call (FATE#317271). - mutex: Fix debug_mutexes (FATE#317271). - mutex: Fix debug checks (FATE#317271). - locking/mutexes: Unlock the mutex without the wait_lock (FATE#317271). - epoll: do not take the nested ep->mtx on EPOLL_CTL_DEL (FATE#317271). - epoll: do not take global 'epmutex' for simple topologies (FATE#317271). - epoll: optimize EPOLL_CTL_DEL using rcu (FATE#317271). - vfs: Fix missing unlock of vfsmount_lock in unlazy_walk. (bnc#880437) - dcache: kABI fixes for lockref dentries (FATE#317271). - vfs: make sure we do not have a stale root path if unlazy_walk() fails (FATE#317271). - vfs: fix dentry RCU to refcounting possibly sleeping dput() (FATE#317271). - vfs: use lockref 'dead' flag to mark unrecoverably dead dentries (FATE#317271). - vfs: reimplement d_rcu_to_refcount() using lockref_get_or_lock() (FATE#317271). - vfs: Remove second variable named error in __dentry_path (FATE#317271). - make prepend_name() work correctly when called with negative *buflen (FATE#317271). - prepend_path() needs to reinitialize dentry/vfsmount on restarts (FATE#317271). - dcache: get/release read lock in read_seqbegin_or_lock() & friend (FATE#317271). - seqlock: Add a new locking reader type (FATE#317271). - dcache: Translating dentry into pathname without taking rename_lock (FATE#317271). - vfs: make the dentry cache use the lockref infrastructure (FATE#317271). - vfs: Remove dentry->d_lock locking from shrink_dcache_for_umount_subtree() (FATE#317271). - vfs: use lockref_get_not_zero() for optimistic lockless dget_parent() (FATE#317271). - vfs: constify dentry parameter in d_count() (FATE#317271). - helper for reading ->d_count (FATE#317271). - lockref: use arch_mutex_cpu_relax() in CMPXCHG_LOOP() (FATE#317271). - lockref: allow relaxed cmpxchg64 variant for lockless updates (FATE#317271). - lockref: use cmpxchg64 explicitly for lockless updates (FATE#317271). - lockref: add ability to mark lockrefs 'dead' (FATE#317271). - lockref: fix docbook argument names (FATE#317271). - lockref: Relax in cmpxchg loop (FATE#317271). - lockref: implement lockless reference count updates using cmpxchg() (FATE#317271). - lockref: uninline lockref helper functions (FATE#317271). - lockref: add lockref_get_or_lock() helper (FATE#317271). - Add new lockref infrastructure reference implementation (FATE#317271). - vfs: make lremovexattr retry once on ESTALE error. (bnc#876463) - vfs: make removexattr retry once on ESTALE. (bnc#876463) - vfs: make llistxattr retry once on ESTALE error. (bnc#876463) - vfs: make listxattr retry once on ESTALE error. (bnc#876463) - vfs: make lgetxattr retry once on ESTALE. (bnc#876463) - vfs: make getxattr retry once on an ESTALE error. (bnc#876463) - vfs: allow lsetxattr() to retry once on ESTALE errors. (bnc#876463) - vfs: allow setxattr to retry once on ESTALE errors. (bnc#876463) - vfs: allow utimensat() calls to retry once on an ESTALE error. (bnc#876463) - vfs: fix user_statfs to retry once on ESTALE errors. (bnc#876463) - vfs: make fchownat retry once on ESTALE errors. (bnc#876463) - vfs: make fchmodat retry once on ESTALE errors. (bnc#876463) - vfs: have chroot retry once on ESTALE error. (bnc#876463) - vfs: have chdir retry lookup and call once on ESTALE error. (bnc#876463) - vfs: have faccessat retry once on an ESTALE error. (bnc#876463) - vfs: have do_sys_truncate retry once on an ESTALE error. (bnc#876463) - vfs: fix renameat to retry on ESTALE errors. (bnc#876463) - vfs: make do_unlinkat retry once on ESTALE errors. (bnc#876463) - vfs: make do_rmdir retry once on ESTALE errors. (bnc#876463) - vfs: fix linkat to retry once on ESTALE errors. (bnc#876463) - vfs: fix symlinkat to retry on ESTALE errors. (bnc#876463) - vfs: fix mkdirat to retry once on an ESTALE error. (bnc#876463) - vfs: fix mknodat to retry on ESTALE errors. (bnc#876463) - vfs: add a flags argument to user_path_parent. (bnc#876463) - vfs: fix readlinkat to retry on ESTALE. (bnc#876463) - vfs: make fstatat retry on ESTALE errors from getattr call. (bnc#876463) - vfs: add a retry_estale helper function to handle retries on ESTALE. (bnc#876463) - crypto: s390 - fix aes,des ctr mode concurrency finding (bnc#874145, LTC#110078). - s390/cio: fix unlocked access of global bitmap (bnc#874145, LTC#109378). - s390/css: stop stsch loop after cc 3 (bnc#874145, LTC#109378). - s390/pci: add kmsg man page (bnc#874145, LTC#109224). - s390/pci/dma: use correct segment boundary size (bnc#866081, LTC#104566). - cio: Fix missing subchannels after CHPID configure on (bnc#866081, LTC#104808). - cio: Fix process hangs during subchannel scan (bnc#866081, LTC#104805). - cio: fix unusable device (bnc#866081, LTC#104168). - qeth: postpone freeing of qdio memory (bnc#874145, LTC#107873). - Fix race between starved list and device removal. (bnc#861636) - namei.h: include errno.h. (bnc#876463) - ALSA: hda - Implement bind mixer ctls for Conexant. (bnc#872188) - ALSA: hda - Fix invalid Auto-Mute Mode enum from cxt codecs. (bnc#872188) - ALSA: hda - Fix conflicting Capture Source on cxt codecs. (bnc#872188) - ALSA: usb-audio: Fix NULL dereference while quick replugging. (bnc#870335) - powerpc: Bring all threads online prior to migration/hibernation. (bnc#870591) - powerpc/pseries: Update dynamic cache nodes for suspend/resume operation. (bnc#873463) - powerpc/pseries: Device tree should only be updated once after suspend/migrate. (bnc#873463) - powerpc/pseries: Expose in kernel device tree update to drmgr. (bnc#873463) - powerpc: Add second POWER8 PVR entry. (bnc#874440) - libata/ahci: accommodate tag ordered controllers. (bnc#871728) - md: try to remove cause of a spinning md thread. (bnc#875386) - md: fix up plugging (again). (bnc#866800) - NFSv4: Fix a reboot recovery race when opening a file. (bnc#864404) - NFSv4: Ensure delegation recall and byte range lock removal do not conflict. (bnc#864404) - NFSv4: Fix up the return values of nfs4_open_delegation_recall. (bnc#864404) - NFSv4.1: Do not lose locks when a server reboots during delegation return. (bnc#864404) - NFSv4.1: Prevent deadlocks between state recovery and file locking. (bnc#864404) - NFSv4: Allow the state manager to mark an open_owner as being recovered. (bnc#864404) - NFS: nfs_inode_return_delegation() should always flush dirty data. (bnc#864404) - NFSv4: nfs_client_return_marked_delegations cannot flush data. (bnc#864404) - NFS: avoid excessive GETATTR request when attributes expired but cached directory is valid. (bnc#857926) - seqlock: add 'raw_seqcount_begin()' function. (bnc#864404) - Allow nfsdv4 to work when fips=1. (bnc#868488) - NFSv4: Add ACCESS operation to OPEN compound. (bnc#870958) - NFSv4: Fix unnecessary delegation returns in nfs4_do_open. (bnc#870958) - NFSv4: The NFSv4.0 client must send RENEW calls if it holds a delegation. (bnc#863873) - NFSv4: nfs4_proc_renew should be declared static. (bnc#863873) - NFSv4: do not put ACCESS in OPEN compound if O_EXCL. (bnc#870958) - NFS: revalidate on open if dcache is negative. (bnc#876463) - NFSD add module parameter to disable delegations. (bnc#876463) - Do not lose sockets when nfsd shutdown races with connection timeout. (bnc#871854) - timer: Prevent overflow in apply_slack. (bnc#873061) - mei: me: do not load the driver if the FW does not support MEI interface. (bnc#821619) - ipmi: Reset the KCS timeout when starting error recovery. (bnc#870618) - ipmi: Fix a race restarting the timer. (bnc#870618) - ipmi: increase KCS timeouts. (bnc#870618) - bnx2x: Fix kernel crash and data miscompare after EEH recovery. (bnc#881761) - bnx2x: Adapter not recovery from EEH error injection. (bnc#881761) - kabi: hide modifications of struct inet_peer done by bnc#867953 fix. (bnc#867953) - inetpeer: prevent unlinking from unused list twice. (bnc#867953) - Ignore selected taints for tracepoint modules (bnc#870450, FATE#317134). - Use 'E' instead of 'X' for unsigned module taint flag (bnc#870450,FATE#317134). - Fix: module signature vs tracepoints: add new TAINT_UNSIGNED_MODULE (bnc#870450,FATE#317134). - xhci: extend quirk for Renesas cards. (bnc#877497) - scsi: return target failure on EMC inactive snapshot. (bnc#840524) - virtio_balloon: do not softlockup on huge balloon changes. (bnc#871899) - ch: add refcounting. (bnc#867517) - storvsc: NULL pointer dereference fix. (bnc#865330) - Unlock the rename_lock in dentry_path() in the case when path is too long. (bnc#868748)
    last seen 2019-02-21
    modified 2014-09-05
    plugin id 76557
    published 2014-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76557
    title SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9488 / 9491 / 9493)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-201.NASL
    description Multiple vulnerabilities has been found and corrected in the Linux kernel : The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings (CVE-2014-3122). Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event (CVE-2014-3181). Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value (CVE-2014-3182). The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (CVE-2014-3184). Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (CVE-2014-3185). Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report (CVE-2014-3186). arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call (CVE-2014-3534). The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages (CVE-2014-3601). The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction (CVE-2014-5077). The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a mount -o remount command within a user namespace (CVE-2014-5206). Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry (CVE-2014-5471). The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry (CVE-2014-5472). The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode (CVE-2014-6410). The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call (CVE-2014-7975). The updated packages provides a solution for these security issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 78617
    published 2014-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78617
    title Mandriva Linux Security Advisory : kernel (MDVSA-2014:201)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2241-1.NASL
    description Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. (CVE-2014-3153) A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). (CVE-2014-0155) An information leak was discovered in the netfilter subsystem of the Linux kernel. An attacker could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-2568) Sasha Levin reported a bug in the Linux kernel's virtual memory management subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3122). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 74361
    published 2014-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74361
    title Ubuntu 13.10 : linux vulnerabilities (USN-2241-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2233-1.NASL
    description Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. (CVE-2014-3153) Dmitry Vyukov reported a flaw in the Linux kernel's handling of IPv6 UDP Fragmentation Offload (UFO) processing. A remote attacker could leverage this flaw to cause a denial of service (system crash). (CVE-2013-4387) Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2013-4470) A flaw was discovered in the Linux kernel's IPC reference counting. An unprivileged local user could exploit this flaw to cause a denial of service (OOM system crash). (CVE-2013-4483) halfdog reported an error in the AMD K7 and K8 platform support in the Linux kernel. An unprivileged local user could exploit this flaw on AMD based systems to cause a denial of service (task kill) or possibly gain privileges via a crafted application. (CVE-2014-1438) Sasha Levin reported a bug in the Linux kernel's virtual memory management subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3122). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 74354
    published 2014-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74354
    title Ubuntu 10.04 LTS : linux vulnerabilities (USN-2233-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2260-1.NASL
    description A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges. (CVE-2014-0196) Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. (CVE-2014-3153) Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. (CVE-2014-1737) A flaw was discovered in the handling of network packets when mergeable buffers are disabled for virtual machines in the Linux kernel. Guest OS users may exploit this flaw to cause a denial of service (host OS crash) or possibly gain privilege on the host OS. (CVE-2014-0077) An information leak was discovered in the netfilter subsystem of the Linux kernel. An attacker could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-2568) A flaw was discovered in the Linux kernel's ping sockets. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges via a crafted application. (CVE-2014-2851) Sasha Levin reported a bug in the Linux kernel's virtual memory management subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3122). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 76295
    published 2014-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76295
    title Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2260-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2239-1.NASL
    description Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. (CVE-2014-3153) A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). (CVE-2014-0155) An information leak was discovered in the netfilter subsystem of the Linux kernel. An attacker could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-2568) Sasha Levin reported a bug in the Linux kernel's virtual memory management subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3122). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 74359
    published 2014-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74359
    title Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2239-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-3083.NASL
    description Description of changes: kernel-uek [2.6.32-400.36.9.el5uek] - ALSA: control: Don't access controls outside of protected regions (Lars-Peter Clausen) [Orabug: 19817787] {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655} - ALSA: control: Fix replacing user controls (Lars-Peter Clausen) [Orabug: 19817749] {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655} - mm: try_to_unmap_cluster() should lock_page() before mlocking (Vlastimil Babka) [Orabug: 19817324] {CVE-2014-3122} - vm: convert fb_mmap to vm_iomap_memory() helper (Linus Torvalds) [Orabug: 19816564] {CVE-2013-2596} - vm: add vm_iomap_memory() helper function (Linus Torvalds) [Orabug: 19816564] {CVE-2013-2596} - net: sctp: inherit auth_capable on INIT collisions (Daniel Borkmann) [Orabug: 19816069] {CVE-2014-5077}
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 78580
    published 2014-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78580
    title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3083)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-6354.NASL
    description The 3.14.4 stable update contains a number of important fixes across the tree. The 3.14.3 stable rebase contains support for new hardware, some new features, and a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-20
    plugin id 74132
    published 2014-05-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74132
    title Fedora 19 : kernel-3.14.4-100.fc19 (2014-6354)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1392.NASL
    description Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the sixth regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. (CVE-2014-5077, Important) * An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system. (CVE-2013-2596, Important) * A flaw was found in the way the ipc_rcu_putref() function in the Linux kernel's IPC implementation handled reference counter decrementing. A local, unprivileged user could use this flaw to trigger an Out of Memory (OOM) condition and, potentially, crash the system. (CVE-2013-4483, Moderate) * It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process. (CVE-2014-0181, Moderate) * It was found that the try_to_unmap_cluster() function in the Linux kernel's Memory Managment subsystem did not properly handle page locking in certain cases, which could potentially trigger the BUG_ON() macro in the mlock_vma_page() function. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-3122, Moderate) * A flaw was found in the way the Linux kernel's kvm_iommu_map_pages() function handled IOMMU mapping failures. A privileged user in a guest with an assigned host device could use this flaw to crash the host. (CVE-2014-3601, Moderate) * Multiple use-after-free flaws were found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use either of these flaws to crash the system. (CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, Moderate) * A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation. (CVE-2014-5045, Moderate) * An integer overflow flaw was found in the way the lzo1x_decompress_safe() function of the Linux kernel's LZO implementation processed Literal Runs. A local attacker could, in extremely rare cases, use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-4608, Low) Red Hat would like to thank Vladimir Davydov of Parallels for reporting CVE-2013-4483, Jack Morgenstein of Mellanox for reporting CVE-2014-3601, Vasily Averin of Parallels for reporting CVE-2014-5045, and Don A. Bailey from Lab Mouse Security for reporting CVE-2014-4608. The security impact of the CVE-2014-3601 issue was discovered by Michael Tsirkin of Red Hat. This update also fixes several hundred bugs and adds numerous enhancements. Refer to the Red Hat Enterprise Linux 6.6 Release Notes for information on the most significant of these changes, and the Technical Notes for further information, both linked to in the References. All Red Hat Enterprise Linux 6 users are advised to install these updated packages, which correct these issues, and fix the bugs and add the enhancements noted in the Red Hat Enterprise Linux 6.6 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 78409
    published 2014-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78409
    title RHEL 6 : kernel (RHSA-2014:1392)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-6122.NASL
    description The 3.14.3 stable update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-20
    plugin id 73957
    published 2014-05-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73957
    title Fedora 20 : kernel-3.14.3-200.fc20 (2014-6122)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-441.NASL
    description The Linux kernel was updated to fix security issues and bugs. Security issues fixed: CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux kernel did not ensure that calls have two different futex addresses, which allowed local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel did not check whether a certain length value is sufficiently large, which allowed local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced. CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel used the reverse order in a certain subtraction, which allowed local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. CVE-2014-0077: drivers/vhost/net.c in the Linux kernel, when mergeable buffers are disabled, did not properly validate packet lengths, which allowed guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package did not properly handle vhost_get_vq_desc errors, which allowed guest OS users to cause a denial of service (host OS crash) via unspecified vectors. CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. CVE-2014-2851: Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. - ext4: Fix buffer double free in ext4_alloc_branch() (bnc#880599 bnc#876981). - patches.fixes/firewire-01-net-fix-use-after-free.patch, patches.fixes/firewire-02-ohci-fix-probe-failure-with-ag ere-lsi-controllers.patch, patches.fixes/firewire-03-dont-use-prepare_delayed_work. patch: Add missing bug reference (bnc#881697). - firewire: don't use PREPARE_DELAYED_WORK. - firewire: ohci: fix probe failure with Agere/LSI controllers. - firewire: net: fix use after free. - USB: OHCI: fix problem with global suspend on ATI controllers (bnc#868315). - mm: revert 'page-writeback.c: subtract min_free_kbytes from dirtyable memory' (bnc#879792). - usb: musb: tusb6010: Use musb->tusb_revision instead of tusb_get_revision call (bnc#872715). - usb: musb: tusb6010: Add tusb_revision to struct musb to store the revision (bnc#872715). - ALSA: hda - Fix onboard audio on Intel H97/Z97 chipsets (bnc#880613). - floppy: do not corrupt bio.bi_flags when reading block 0 (bnc#879258). - reiserfs: call truncate_setsize under tailpack mutex (bnc#878115). - Update Xen config files: Set compatibility level back to 4.1 (bnc#851338). - Update config files. Guillaume GARDET reported a broken build due to CONFIG_USB_SERIAL_GENERIC being modular - memcg: deprecate memory.force_empty knob (bnc#878274). - nfsd: when reusing an existing repcache entry, unhash it first (bnc#877721). - Enable Socketcan again for i386 and x86_64 (bnc#858067) - xhci: extend quirk for Renesas cards (bnc#877713). - xhci: Fix resume issues on Renesas chips in Samsung laptops (bnc#877713). - mm: try_to_unmap_cluster() should lock_page() before mlocking (bnc#876102, CVE-2014-3122). - drm/i915, HD-audio: Don't continue probing when nomodeset is given (bnc#882648). - x86/mm/numa: Fix 32-bit kernel NUMA boot (bnc#881727).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 76228
    published 2014-06-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76228
    title openSUSE Security Update : kernel (openSUSE-SU-2014:0840-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2235-1.NASL
    description Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. (CVE-2014-3153) A flaw was discovered in the vhost-net subsystem of the Linux kernel. Guest OS users could exploit this flaw to cause a denial of service (host OS crash). (CVE-2014-0055) Sasha Levin reported a bug in the Linux kernel's virtual memory management subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3122). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 74356
    published 2014-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74356
    title Ubuntu 12.04 LTS : linux vulnerabilities (USN-2235-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2223-1.NASL
    description Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. (CVE-2014-1737) A flaw was discovered in the Linux kernel's IPC reference counting. An unprivileged local user could exploit this flaw to cause a denial of service (OOM system crash). (CVE-2013-4483) A flaw was discovered in the vhost-net subsystem of the Linux kernel. Guest OS users could exploit this flaw to cause a denial of service (host OS crash). (CVE-2014-0055) A flaw was discovered in the handling of network packets when mergeable buffers are disabled for virtual machines in the Linux kernel. Guest OS users may exploit this flaw to cause a denial of service (host OS crash) or possibly gain privilege on the host OS. (CVE-2014-0077) A flaw was discovered in the Linux kernel's handling of the SCTP handshake. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-0101) A flaw was discovered in the handling of routing information in Linux kernel's IPv6 stack. A remote attacker could exploit this flaw to cause a denial of service (memory consumption) via a flood of ICMPv6 router advertisement packets. (CVE-2014-2309) An error was discovered in the Linux kernel's DCCP protocol support. A remote attacked could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2014-2523) Max Sydorenko discovered a race condition in the Atheros 9k wireless driver in the Linux kernel. This race could be exploited by remote attackers to cause a denial of service (system crash). (CVE-2014-2672) An error was discovered in the Reliable Datagram Sockets (RDS) protocol stack in the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) or possibly have unspecified other impact. (CVE-2014-2678) Yaara Rozenblum discovered a race condition in the Linux kernel's Generic IEEE 802.11 Networking Stack (mac80211). Remote attackers could exploit this flaw to cause a denial of service (system crash). (CVE-2014-2706) A flaw was discovered in the Linux kernel's ping sockets. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges via a crafted application. (CVE-2014-2851) Sasha Levin reported a bug in the Linux kernel's virtual memory management subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3122). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 74211
    published 2014-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74211
    title Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2223-1)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL15852.NASL
    description The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 79340
    published 2014-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79340
    title F5 Networks BIG-IP : Linux kernel vulnerability (SOL15852)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2240-1.NASL
    description Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. (CVE-2014-3153) An information leak was discovered in the netfilter subsystem of the Linux kernel. An attacker could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-2568) Sasha Levin reported a bug in the Linux kernel's virtual memory management subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3122). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 74360
    published 2014-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74360
    title Ubuntu 14.04 LTS : linux vulnerabilities (USN-2240-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2224-1.NASL
    description Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. (CVE-2014-1737) A flaw was discovered in the vhost-net subsystem of the Linux kernel. Guest OS users could exploit this flaw to cause a denial of service (host OS crash). (CVE-2014-0055) A flaw was discovered in the handling of network packets when mergeable buffers are disabled for virtual machines in the Linux kernel. Guest OS users may exploit this flaw to cause a denial of service (host OS crash) or possibly gain privilege on the host OS. (CVE-2014-0077) A flaw was discovered in the Linux kernel's handling of the SCTP handshake. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-0101) A flaw was discovered in the handling of routing information in Linux kernel's IPv6 stack. A remote attacker could exploit this flaw to cause a denial of service (memory consumption) via a flood of ICMPv6 router advertisement packets. (CVE-2014-2309) An error was discovered in the Linux kernel's DCCP protocol support. A remote attacked could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2014-2523) Max Sydorenko discovered a race condition in the Atheros 9k wireless driver in the Linux kernel. This race could be exploited by remote attackers to cause a denial of service (system crash). (CVE-2014-2672) An error was discovered in the Reliable Datagram Sockets (RDS) protocol stack in the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) or possibly have unspecified other impact. (CVE-2014-2678) Yaara Rozenblum discovered a race condition in the Linux kernel's Generic IEEE 802.11 Networking Stack (mac80211). Remote attackers could exploit this flaw to cause a denial of service (system crash). (CVE-2014-2706) A flaw was discovered in the Linux kernel's ping sockets. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges via a crafted application. (CVE-2014-2851) Sasha Levin reported a bug in the Linux kernel's virtual memory management subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3122). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 74212
    published 2014-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74212
    title Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2224-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20141014_KERNEL_ON_SL6_X.NASL
    description * A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. (CVE-2014-5077, Important) * An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system. (CVE-2013-2596, Important) * A flaw was found in the way the ipc_rcu_putref() function in the Linux kernel's IPC implementation handled reference counter decrementing. A local, unprivileged user could use this flaw to trigger an Out of Memory (OOM) condition and, potentially, crash the system. (CVE-2013-4483, Moderate) * It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process. (CVE-2014-0181, Moderate) * It was found that the try_to_unmap_cluster() function in the Linux kernel's Memory Managment subsystem did not properly handle page locking in certain cases, which could potentially trigger the BUG_ON() macro in the mlock_vma_page() function. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-3122, Moderate) * A flaw was found in the way the Linux kernel's kvm_iommu_map_pages() function handled IOMMU mapping failures. A privileged user in a guest with an assigned host device could use this flaw to crash the host. (CVE-2014-3601, Moderate) * Multiple use-after-free flaws were found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use either of these flaws to crash the system. (CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, Moderate) * A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation. (CVE-2014-5045, Moderate) * An integer overflow flaw was found in the way the lzo1x_decompress_safe() function of the Linux kernel's LZO implementation processed Literal Runs. A local attacker could, in extremely rare cases, use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-4608, Low) The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 78845
    published 2014-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78845
    title Scientific Linux Security Update : kernel on SL6.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2926.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation : - CVE-2014-0196 Jiri Slaby discovered a race condition in the pty layer, which could lead to denial of service or privilege escalation. - CVE-2014-1737 / CVE-2014-1738 Matthew Daley discovered that missing input sanitising in the FDRAWCMD ioctl and an information leak could result in privilege escalation. - CVE-2014-2851 Incorrect reference counting in the ping_init_sock() function allows denial of service or privilege escalation. - CVE-2014-3122 Incorrect locking of memory can result in local denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 73971
    published 2014-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73971
    title Debian DSA-2926-1 : linux - security update
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0557.NASL
    description Updated kernel-rt packages that fix multiple security issues are now available for Red Hat Enterprise MRG 2.5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. * A race condition leading to a use-after-free flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled the addition of fragments to the LRU (Last-Recently Used) list under certain conditions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system by sending a large amount of specially crafted fragmented packets to that system. (CVE-2014-0100, Important) * A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel's N_TTY line discipline (LDISC) implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-0196, Important) * A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important) * It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low) Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system. * A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-2851, Important) * It was found that a remote attacker could use a race condition flaw in the ath_tx_aggr_sleep() function to crash the system by creating large network traffic on the system's Atheros 9k wireless network adapter. (CVE-2014-2672, Moderate) * A NULL pointer dereference flaw was found in the rds_iw_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. (CVE-2014-2678, Moderate) * A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake-up code paths. A remote attacker could use this flaw to crash the system. (CVE-2014-2706, Moderate) * It was found that the try_to_unmap_cluster() function in the Linux kernel's Memory Managment subsystem did not properly handle page locking in certain cases, which could potentially trigger the BUG_ON() macro in the mlock_vma_page() function. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-3122, Moderate) Users are advised to upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.10.33-rt32.34 and correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 76677
    published 2014-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76677
    title RHEL 6 : MRG (RHSA-2014:0557)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1392.NASL
    description Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the sixth regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. (CVE-2014-5077, Important) * An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system. (CVE-2013-2596, Important) * A flaw was found in the way the ipc_rcu_putref() function in the Linux kernel's IPC implementation handled reference counter decrementing. A local, unprivileged user could use this flaw to trigger an Out of Memory (OOM) condition and, potentially, crash the system. (CVE-2013-4483, Moderate) * It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process. (CVE-2014-0181, Moderate) * It was found that the try_to_unmap_cluster() function in the Linux kernel's Memory Managment subsystem did not properly handle page locking in certain cases, which could potentially trigger the BUG_ON() macro in the mlock_vma_page() function. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-3122, Moderate) * A flaw was found in the way the Linux kernel's kvm_iommu_map_pages() function handled IOMMU mapping failures. A privileged user in a guest with an assigned host device could use this flaw to crash the host. (CVE-2014-3601, Moderate) * Multiple use-after-free flaws were found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use either of these flaws to crash the system. (CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, Moderate) * A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation. (CVE-2014-5045, Moderate) * An integer overflow flaw was found in the way the lzo1x_decompress_safe() function of the Linux kernel's LZO implementation processed Literal Runs. A local attacker could, in extremely rare cases, use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-4608, Low) Red Hat would like to thank Vladimir Davydov of Parallels for reporting CVE-2013-4483, Jack Morgenstein of Mellanox for reporting CVE-2014-3601, Vasily Averin of Parallels for reporting CVE-2014-5045, and Don A. Bailey from Lab Mouse Security for reporting CVE-2014-4608. The security impact of the CVE-2014-3601 issue was discovered by Michael Tsirkin of Red Hat. This update also fixes several hundred bugs and adds numerous enhancements. Refer to the Red Hat Enterprise Linux 6.6 Release Notes for information on the most significant of these changes, and the Technical Notes for further information, both linked to in the References. All Red Hat Enterprise Linux 6 users are advised to install these updated packages, which correct these issues, and fix the bugs and add the enhancements noted in the Red Hat Enterprise Linux 6.6 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79181
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79181
    title CentOS 6 : kernel (CESA-2014:1392)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-451.NASL
    description The Linux kernel was updated to fix security issues and bugs : Security issues fixed: CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux kernel did not ensure that calls have two different futex addresses, which allowed local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. CVE-2014-0077: drivers/vhost/net.c in the Linux kernel, when mergeable buffers are disabled, did not properly validate packet lengths, which allowed guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package did not properly handle vhost_get_vq_desc errors, which allowed guest OS users to cause a denial of service (host OS crash) via unspecified vectors. CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. CVE-2014-2851: Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel did not properly consider which pages must be locked, which allowed local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings. Bugs fixed : - memcg: deprecate memory.force_empty knob (bnc#878274).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 76342
    published 2014-07-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76342
    title openSUSE Security Update : kernel (openSUSE-SU-2014:0856-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-3082.NASL
    description Description of changes: [2.6.39-400.215.11.el6uek] - ALSA: control: Don't access controls outside of protected regions (Lars-Peter Clausen) [Orabug: 19817786] {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655} - ALSA: control: Fix replacing user controls (Lars-Peter Clausen) [Orabug: 19817748] {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655} - kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601) (Michael S. Tsirkin) [Orabug: 19817647] {CVE-2014-3601} - mm: try_to_unmap_cluster() should lock_page() before mlocking (Vlastimil Babka) [Orabug: 19817323] {CVE-2014-3122} - vm: convert fb_mmap to vm_iomap_memory() helper (Linus Torvalds) [Orabug: 19816563] {CVE-2013-2596} - vm: add vm_iomap_memory() helper function (Linus Torvalds) [Orabug: 19816563] {CVE-2013-2596} - net: sctp: inherit auth_capable on INIT collisions (Daniel Borkmann) [Orabug: 19816068] {CVE-2014-5077}
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 78579
    published 2014-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78579
    title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3082)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1392.NASL
    description From Red Hat Security Advisory 2014:1392 : Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the sixth regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. (CVE-2014-5077, Important) * An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system. (CVE-2013-2596, Important) * A flaw was found in the way the ipc_rcu_putref() function in the Linux kernel's IPC implementation handled reference counter decrementing. A local, unprivileged user could use this flaw to trigger an Out of Memory (OOM) condition and, potentially, crash the system. (CVE-2013-4483, Moderate) * It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process. (CVE-2014-0181, Moderate) * It was found that the try_to_unmap_cluster() function in the Linux kernel's Memory Managment subsystem did not properly handle page locking in certain cases, which could potentially trigger the BUG_ON() macro in the mlock_vma_page() function. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-3122, Moderate) * A flaw was found in the way the Linux kernel's kvm_iommu_map_pages() function handled IOMMU mapping failures. A privileged user in a guest with an assigned host device could use this flaw to crash the host. (CVE-2014-3601, Moderate) * Multiple use-after-free flaws were found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use either of these flaws to crash the system. (CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, Moderate) * A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation. (CVE-2014-5045, Moderate) * An integer overflow flaw was found in the way the lzo1x_decompress_safe() function of the Linux kernel's LZO implementation processed Literal Runs. A local attacker could, in extremely rare cases, use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-4608, Low) Red Hat would like to thank Vladimir Davydov of Parallels for reporting CVE-2013-4483, Jack Morgenstein of Mellanox for reporting CVE-2014-3601, Vasily Averin of Parallels for reporting CVE-2014-5045, and Don A. Bailey from Lab Mouse Security for reporting CVE-2014-4608. The security impact of the CVE-2014-3601 issue was discovered by Michael Tsirkin of Red Hat. This update also fixes several hundred bugs and adds numerous enhancements. Refer to the Red Hat Enterprise Linux 6.6 Release Notes for information on the most significant of these changes, and the Technical Notes for further information, both linked to in the References. All Red Hat Enterprise Linux 6 users are advised to install these updated packages, which correct these issues, and fix the bugs and add the enhancements noted in the Red Hat Enterprise Linux 6.6 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 78618
    published 2014-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78618
    title Oracle Linux 6 : kernel (ELSA-2014-1392)
redhat via4
rpms
  • kernel-0:2.6.32-504.el6
  • kernel-abi-whitelists-0:2.6.32-504.el6
  • kernel-bootwrapper-0:2.6.32-504.el6
  • kernel-debug-0:2.6.32-504.el6
  • kernel-debug-devel-0:2.6.32-504.el6
  • kernel-devel-0:2.6.32-504.el6
  • kernel-doc-0:2.6.32-504.el6
  • kernel-firmware-0:2.6.32-504.el6
  • kernel-headers-0:2.6.32-504.el6
  • kernel-kdump-0:2.6.32-504.el6
  • kernel-kdump-devel-0:2.6.32-504.el6
  • perf-0:2.6.32-504.el6
  • python-perf-0:2.6.32-504.el6
refmap via4
bid 67162
confirm
debian DSA-2926
mlist [oss-security] 20140430 Re: CVE request Linux kernel: mm: try_to_unmap_cluster() should lock_page() before mlocking
secunia
  • 59386
  • 59599
ubuntu USN-2240-1
Last major update 17-07-2014 - 01:06
Published 11-05-2014 - 17:55
Last modified 28-12-2017 - 21:29
Back to Top