Lucene search

[email protected]NVD:CVE-2014-4699

HistoryJul 09, 2014 - 11:07 a.m.

CVE-2014-4699

2014-07-0911:07:03

CWE-362

[email protected]

web.nvd.nist.gov

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.

Affected configurations

NVD

Node

linuxlinux_kernelRange2.6.17–3.2.61

linuxlinux_kernelRange3.3–3.4.97

linuxlinux_kernelRange3.5–3.10.47

linuxlinux_kernelRange3.11–3.12.25

linuxlinux_kernelRange3.13–3.14.11

linuxlinux_kernelRange3.15–3.15.4

Node

debiandebian_linuxMatch7.0

Node

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch13.10

canonicalubuntu_linuxMatch14.04esm

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a

linux.oracle.com/errata/ELSA-2014-0924.html

linux.oracle.com/errata/ELSA-2014-3047.html

linux.oracle.com/errata/ELSA-2014-3048.html

openwall.com/lists/oss-security/2014/07/05/4

openwall.com/lists/oss-security/2014/07/08/16

openwall.com/lists/oss-security/2014/07/08/5

packetstormsecurity.com/files/127573/Linux-Kernel-ptrace-sysret-Local-Privilege-Escalation.html

secunia.com/advisories/59633

secunia.com/advisories/59639

secunia.com/advisories/59654

secunia.com/advisories/60220

secunia.com/advisories/60380

secunia.com/advisories/60393

www.debian.org/security/2014/dsa-2972

www.exploit-db.com/exploits/34134

www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.4

www.openwall.com/lists/oss-security/2014/07/04/4

www.osvdb.org/108754

www.ubuntu.com/usn/USN-2266-1

www.ubuntu.com/usn/USN-2267-1

www.ubuntu.com/usn/USN-2268-1

www.ubuntu.com/usn/USN-2269-1

www.ubuntu.com/usn/USN-2270-1

www.ubuntu.com/usn/USN-2271-1

www.ubuntu.com/usn/USN-2272-1

www.ubuntu.com/usn/USN-2273-1

www.ubuntu.com/usn/USN-2274-1

bugzilla.redhat.com/show_bug.cgi?id=1115927

github.com/torvalds/linux/commit/b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a

www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.47

www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.11

www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.97

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for NVD:CVE-2014-4699

openvas63 debian2 securityvulns2 ubuntu10 redhat6 nessus38 cve1 zdt1 packetstorm1 seebug1 ubuntucve1 osv2 exploitpack1 debiancve1 prion1 cvelist1 exploitdb1 oraclelinux10 centos2 veracode7 kitploit1 suse8 fedora25