5011 matches found
CVE-2014-7284
CVE-2014-7284 affects the Linux kernel’s net_get_random_once in net/core/utils.c for 3.13.x and 3.14.x before 3.14.5 on certain Intel CPUs. The issue is that the slow-path to seed randomness is not executed, increasing predictability of TCP sequence numbers, TCP/UDP port numbers, and IP ID values...
CVE-2014-7284
The netgetrandomonce implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by...
CVE-2014-7284
The netgetrandomonce implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by...
CVE-2014-7284
The netgetrandomonce implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by...
[SECURITY] Fedora 19 Update: sdcc-3.3.0-1.fc19
SDCC is a C compiler for 8051 class and similar microcontrollers. The package includes the compiler, assemblers and linkers, a device simulator and a core library. The processors supported to a varying degree include the 8051, ds390, z80, hc08, and PIC...
kernel: x86_64: ptrace: sysret to non-canonical address
It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially...
Oracle Linux 6 : kernel (ELSA-2014-0924)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0924 advisory. - netdrv pppol2tp: fail when socket option level is not SOLPPPOL2TP 1119461 1119462 CVE-2014-4943 Tenable has extracted the preceding description block...
Oracle Linux 7 : kernel (ELSA-2014-0923)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0923 advisory. - net l2tpppp: fail when socket option level is not SOLPPPOL2TP Petr Matousek 1119465 1119466 CVE-2014-4943 Tenable has extracted the preceding...
Oracle Linux 6 : unbreakable enterprise kernel (ELSA-2014-3046)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3046 advisory. - l2tp: fix an unprivileged user to kernel privilege escalation Sasha Levin Orabug: 19229497 CVE-2014-4943 CVE-2014-4943 - ptrace,x86: force IRET path...
USN-2290-1: Linux kernel vulnerabilities
Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol PPP when used with the Layer Two Tunneling Protocol L2TP. A local user could exploit this flaw to gain administrative privileges. CVE-2014-4943 Salva Peiró discovered an information leak in the Linux kernel's media- device...
CVE-2014-4699
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service double...
CVE-2014-4699
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service double...
DEBIAN-CVE-2014-4699
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service double...
Race condition
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service double...
CVE-2014-4699
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service double...
CVE-2014-4699
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service double...
CVE-2014-4699
CVE-2014-4699 affects the Linux kernel prior to 3.15.4 on Intel CPUs: a non-canonical saved RIP value in system calls that do not use IRET can be exploited via ptrace and fork to escalate privileges or trigger a denial of service (double fault). Multiple connected advisories (e.g., MiracleLinux A...
Debian Security Advisory DSA 2972-1 (linux - security update)
Andy Lutomirski discovered that the ptrace syscall was not verifying the RIP register to be valid in the ptrace API on x8664 processors. An unprivileged user could use this flaw to crash the kernel resulting in denial of service or for privilege escalation. OpenVAS Vulnerability Test $Id:...
DSA-2972-1 linux - security update
Bulletin has no description...
Ubuntu 14.04 LTS : Linux kernel vulnerability (USN-2274-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2274-1 advisory. Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x8664 processors. An attacker could exploit this flaw to cause a denial of service...