- Home
- CVEs with nessus.description==Updated+kernel+packages+that+fix+two+security+issues+are+now+available+for+Red+Hat+Enterprise+Linux+6.4+Extended+Update+Support.%0A%0AThe+Red+Hat+Security+Response+Team+has+rated+this+update+as+having+Important+security+impact.+Common+Vulnerability+Scoring+System+%28CVSS%29+base+scores%2C+which+give+detailed+severity+ratings%2C+are+available+for+each+vulnerability+from+the+CVE+links+in+the+References+section.%0A%0AThe+kernel+packages+contain+the+Linux+kernel%2C+the+core+of+any+Linux+operating+system.%0A%0A%2A+It+was+found+that+the+Linux+kernel%27s+ptrace+subsystem+allowed+a+traced+process%27+instruction+pointer+to+be+set+to+a+non-canonical+memory+address+without+forcing+the+non-sysret+code+path+when+returning+to+user+space.+A+local%2C+unprivileged+user+could+use+this+flaw+to+crash+the+system+or%2C+potentially%2C+escalate+their+privileges+on+the+system.%0A%28CVE-2014-4699%2C+Important%29%0A%0ANote%3A+The+CVE-2014-4699+issue+only+affected+systems+using+an+Intel+CPU.%0A%0A%2A+A+flaw+was+found+in+the+way+the+pppol2tp_setsockopt%28%29+and+pppol2tp_getsockopt%28%29+functions+in+the+Linux+kernel%27s+PPP+over+L2TP+implementation+handled+requests+with+a+non-SOL_PPPOL2TP+socket+option+level.+A+local%2C+unprivileged+user+could+use+this+flaw+to+escalate+their+privileges+on+the+system.+%28CVE-2014-4943%2C+Important%29%0A%0ARed+Hat+would+like+to+thank+Andy+Lutomirski+for+reporting+CVE-2014-4699%2C+and+Sasha+Levin+for+reporting+CVE-2014-4943.%0A%0AAll+kernel+users+are+advised+to+upgrade+to+these+updated+packages%2C+which+contain+backported+patches+to+correct+these+issues.+The+system+must+be+rebooted+for+this+update+to+take+effect
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top