CVE-2014-1739

CVE-2014-1739 affects the Linux kernel before 3.14.6, where the function media_device_enum_entities in drivers/media/media-device.c fails to initialize a data structure. This leads to an information disclosure vulnerability: a local attacker with access to /dev/media0 can read kernel memory throu...

CVE-2014-1739

The mediadeviceenumentities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIAIOCENUMENTITIES ioctl...

UBUNTU-CVE-2014-1739

The mediadeviceenumentities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIAIOCENUMENTITIES ioctl...

kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command

A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free using the kfree function arbitrary kernel memory. CVE-2014-173...

kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command

A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free using the kfree function arbitrary kernel memory. CVE-2014-173...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix three security issues and two bugs are now available for Red Hat Enterprise Linux 5.9 Extended Update Support. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which...

kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command

A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free using the kfree function arbitrary kernel memory. CVE-2014-173...

kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command

A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free using the kfree function arbitrary kernel memory. CVE-2014-173...

[oss-security] CVE request: Linux kernel DoS with syscall auditing

Issuing a system call with a random large number will OOPS, depending on configuration. A configuration that will enable this bug is: auditctl -a exit,always -S open No privilege whatsoever is required to trigger the OOPS. It's possible that this can be extended to more than just a DoS -- with so...

openSUSE Security Update : kernel (openSUSE-SU-2011:0861-1)

The openSUSE 11.3 kernel was updated to 2.6.34.10 to fix various bugs and security issues. Following security issues have been fixed: CVE-2011-2495: The /proc/PID/io interface could be used by local attackers to gain information on other processes like number of password characters typed or...

openSUSE Security Update : kernel (openSUSE-SU-2012:0206-1)

The openSUSE 11.3 kernel was updated to fix various bugs and security issues. Following security issues have been fixed: CVE-2011-4604: If root does read on a specific socket, it's possible to corrupt kernel memory over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used...

Oracle Linux 5 : kernel (ELSA-2014-0740)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0740 advisory. - infiniband rds: dereference of a NULL device Jacob Tanenbaum 1079216 1079217 CVE-2013-7339 - block floppy: don't write kernel-only members to FDRAWCM...

kernel security update

CentOS Errata and Security Advisory CESA-2014:0740 Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring...

CVE-2014-3873

The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace...

Design/Logic Flaw

The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace...

CVE-2014-3873

The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace...

Debian DSA-2952-1 : kfreebsd-9 - security update

Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or possibly disclosure of kernel memory. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-1453 A remote, authenticated attacker could cause the NF...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2240-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2240-1 advisory. Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service syste...

USN-2241-1: Linux kernel vulnerabilities

Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service system crash or gain administrative privileges. CVE-2014-3153 A flaw was discovered in the Linux kernel virtual machine's kvm validation of interrupt...

USN-2240-1: Linux kernel vulnerabilities

Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service system crash or gain administrative privileges. CVE-2014-3153 An information leak was discovered in the netfilter subsystem of the Linux kernel. An...