Lucene search

K
osvGoogleOSV:DSA-2926-1
HistoryMay 12, 2014 - 12:00 a.m.

linux - security update

2014-05-1200:00:00
Google
osv.dev
13

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, information leaks or privilege
escalation:

  • CVE-2014-0196
    Jiri Slaby discovered a race condition in the pty layer, which could
    lead to denial of service or privilege escalation.
  • CVE-2014-1737 /
    CVE-2014-1738
    Matthew Daley discovered that missing input sanitising in the
    FDRAWCMD ioctl and an information leak could result in privilege
    escalation.
  • CVE-2014-2851
    Incorrect reference counting in the ping_init_sock() function allows
    denial of service or privilege escalation.
  • CVE-2014-3122
    Incorrect locking of memory can result in local denial of service.

For the stable distribution (wheezy), these problems have been fixed in
version 3.2.57-3+deb7u1. This update also fixes a regression in the isci
driver and suspend problems with certain AMD CPUs (introduced in the
updated kernel from the Wheezy 7.5 point release).

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your linux packages.

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C