41 matches found
CVE-2014-3153
The CVE-2014-3153 issue affects the Linux kernel futex_requeue path (kernel/futex.c) through version 3.14.5. A local unprivileged user can exploit FUTEX_REQUEUE with two identical futex addresses to gain privileges or modify waiter state, causing potential privilege escalation and memory impact. ...
CVE-2014-0196
CVE-2014-0196 affects the Linux kernel (through 3.14.3) specifically the n_tty_write function in drivers/tty/n_tty.c. The flaw permits a local user to trigger a race condition between read and write operations with long strings in the LECHO & !OPOST case, enabling denial of service (memory corrup...
CVE-2014-2523
CVE-2014-2523 applies to the Linux kernel code path net/netfilter/nf_conntrack_proto_dccp.c up to version 3.13.6. The vulnerability arises from incorrect handling of a DCCP header pointer, which could allow remote attackers to cause a system crash ( denial of service ) or potentially execute arbi...
CVE-2014-9322
CVE-2014-9322 affects the Linux kernel pre-3.17.5 where arch/x86/kernel/entry_64.S mishandles faults on the Stack Segment (SS) during IRET, allowing a local user to escalate privileges by accessing a GS Base address from the wrong space. Public PoC/exploitation (BadIRET) exists, illustrating loca...
CVE-2014-3122
CVE-2014-3122 affects the Linux kernel local memory-management path. The advisory centers on the try_to_unmap_cluster function in mm/rmap.c, where the code path did not consistently lock pages, enabling a local user to trigger a memory-usage pattern that can force removal of page-table mappings a...
CVE-2014-3610
CVE-2014-3610 is a Linux kernel KVM WRMSR emulation flaw present up to and including 3.17.2. The issue arises when guest writes a non-canonical value to a model-specific register, causing the host to crash (DoS). It is tied to wrmsr_interception (arch/x86/kvm/svm.c) and handle_wrmsr (arch/x86/kvm...
CVE-2014-3690
CVE-2014-3690 affects arch/x86/kvm/vmx.c in the Linux kernel’s KVM subsystem on Intel, where the CR4 control register value may not be preserved across VM entries. The vendor-provided details in connected Nessus advisories describe a local attacker with access to /dev/kvm who can kill arbitrary p...
CVE-2014-0077
CVE-2014-0077 concerns the Linux kernel component drivers/vhost/net.c . When mergeable buffers are disabled, the code path does not properly validate packet lengths, enabling a guest OS user to trigger a memory corruption that could cause a host crash or, per wording, potentially gain privileges ...
CVE-2014-1737
CVE-2014-1737 affects the Linux kernel (through 3.14.3) and its floppy driver (drivers/block/floppy.c). The flaw is in raw_cmd_copyin not handling error conditions during processing of an FDRAWCMD ioctl, enabling local users with write access to /dev/fd to trigger kfree and potentially gain privi...
CVE-2014-4608
CVE-2014-4608 refers to multiple integer overflows in the LZO decompressor (lzo1x_decompress_safe) in the Linux kernel before 3.15.2, which can cause memory corruption and denial of service via a crafted Literal Run. Some advisories note the Linux kernel is not affected (media hype), while securi...
CVE-2014-1874
The CVE-2014-1874 entry is about the Linux kernel vulnerability in security/selinux/ss/services.c: the security_context_to_sid_core function before 3.13.4 allows local users with CAP_MAC_ADMIN to set a zero-length security context, causing a denial of service (system crash). Affected product: Lin...
CVE-2014-4653
Summary (CVE-2014-4653) : The ALSA control implementation in the Linux kernel has a race/lock handling issue in sound/core/control.c. It does not ensure possession of a read/write lock, enabling a local attacker to trigger a denial of service (use-after-free) and to potentially read kernel memory...
CVE-2014-0069
The CVE-2014-0069 entry affects the Linux kernel (fs/cifs/file.c: cifs_iovec_write) up to version 3.13.5. The vulnerability stems from improper handling of uncached write operations that copy fewer bytes than requested, enabling local users to read kernel memory (information disclosure), cause me...
CVE-2014-4656
CVE-2014-4656 affects the Linux kernel ALSA sound control (sound/core/control.c). The vulnerability arises from multiple integer overflows in ALSA control handling, exploitable by local users via /dev/snd/controlCX to cause a denial of service. The issue is tied to (1) index values in snd_ctl_add...
CVE-2014-2706
CVE-2014-2706 describes a race condition in the Linux kernel’s mac80211 subsystem (sta_info.c and tx.c) that, when handling network traffic in conjunction with the WLAN_STA_PS_STA (power-save) state, can cause a remote denial of service (system crash). The issue affects kernel versions prior to 3...
CVE-2014-4654
The CVE-2014-4654 issue affects the Linux kernel ALSA control implementation (snd_ctl_elem_add in sound/core/control.c). The root cause is a lack of authorization checks for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, allowing local attackers with access to /dev/snd/controlX to remove kernel controls....
CVE-2013-7339
The CVE-2013-7339 issue affects the Linux kernel up to version 3.12.7 (fixed in 3.12.8) where the rds_ib_laddr_check function in net/rds/ib.c allows a local attacker to trigger a NULL pointer dereference via a bind(2) call on an RDS socket on systems without RDS transports. This can cause a denia...
CVE-2012-6638
CVE-2012-6638 (Linux kernel) affects the tcp_rcv_state_process in net/ipv4/tcp_input.c and can cause a DoS due to a flood of SYN+FIN packets. The vulnerability exists in kernels before 3.2.24 and is fixed in the 3.2.24 update (per ChangeLog-3.2.24). Exploitation is described as remote and results...
CVE-2014-4652
CVE-2014-4652 affects the Linux kernel ALSA sound subsystem. A race condition in the tlv handler (snd_ctl_elem_user_tlv) within sound/core/control.c before version 3.15.2 allows local users to read kernel memory via /dev/snd/controlCX. Impact is partial confidentiality of kernel memory. The vulne...
CVE-2014-4655
CVE-2014-4655 affects the Linux kernel ALSA control path: snd_ctl_elem_add in sound/core/control.c does not correctly maintain user_ctl_count, enabling a local DoS via a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE calls to /dev/snd/controlCX. Affected: Linux kernel prior to 3.15.2 (ALSA control ...
CVE-2014-1739
CVE-2014-1739 affects the Linux kernel before 3.14.6, where the function media_device_enum_entities in drivers/media/media-device.c fails to initialize a data structure. This leads to an information disclosure vulnerability: a local attacker with access to /dev/media0 can read kernel memory throu...
CVE-2014-3185
CVE-2014-3185 affects the Linux kernel’s Whiteheat USB Serial Driver (drivers/usb/serial/whiteheat.c). The vulnerability allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by presenting a crafted USB device that suppli...
CVE-2014-3534
CVE-2014-3534 (Linux kernel, s390) : The vulnerability in arch/s390/kernel/ ptrace.c allows a local user to bypass restrictions on address-space control with PTRACE_POKEUSR_AREA, gaining read/write access to kernel memory and potentially elevation of privileges via a crafted ptrace call. Affected...
CVE-2014-4611
CVE-2014-4611 concerns an integer overflow in the LZ4 implementation used in Yann Collet LZ4 prior to r118 and in the Linux kernel’s lz4_decompress.c (linux kernel before 3.15.2) on 32-bit platforms. A crafted Literal Run can trigger improper handling, enabling context-dependent attackers to caus...
CVE-2014-4667
CVE-2014-4667 affects the Linux kernel: the sctp_association_free function in net/sctp/associola.c before version 3.15.2 fails to properly manage a specific backlog value, enabling remote attackers to trigger a denial of service (socket outage) via a crafted SCTP packet. The vulnerability is root...
CVE-2014-4027
CVE-2014-4027 affects the Linux kernel prior to 3.14. The flaw is in the rd_build_device_space function (drivers/target/target_core_rd.c), where a data structure is not properly initialized, enabling local users to read sensitive information from ramdisk_mcp memory by abusing access to a SCSI ini...
CVE-2014-4014
The CVE-2014-4014 issue is a Linux kernel local privilege escalation affecting versions before 3.14.8. The root cause is that namespaces are inapplicable to inodes, allowing a local user who creates a user namespace to bypass chmod restrictions by setting the setgid bit on a file with root group ...
CVE-2014-0155
The CVE-2014-0155 entry concerns the Linux kernel up to 3.14.1, where the ioapic_deliver function in virt/kvm/ioapic.c does not properly validate the return value of kvm_irq_delivery_to_apic. This can allow a guest OS user to trigger a host OS denial of service (host crash) via a crafted entry in...
CVE-2014-2038
CVE-2014-2038 affects the Linux kernel via the nfs_can_extend_write flaw in fs/nfs/write.c (before 3.13.3). The vulnerability relies on a write delegation to extend a write operation without an up‑to‑date verification, enabling local attackers to obtain sensitive kernel memory data by writing to ...
CVE-2014-0049
CVE-2014-0049 affects the Linux kernel up to version 3.13.5 via a buffer overflow in the complete_emulated_mmio path of arch/x86/kvm/x86.c. The flaw allows a guest OS user to trigger an invalid memory copy that can lead to arbitrary code execution on the host. The published fix is in Linux kernel...
CVE-2014-1690
The vulnerability CVE-2014-1690 affects the Linux kernel’s net/netfilter/nf_nat_irc.c before 3.12.8. An IRC DCC session with incorrect NAT mangle data can allow a remote attacker to read kernel memory. Impact is information disclosure; exploitation context is remote over the network. The fixed ve...
CVE-2014-3182
CVE-2014-3182 affects the Linux kernel up to version 3.16.1, where an array index error in the logi_dj_raw_event function of drivers/hid/hid-logitech-dj.c can be exploited by a physically proximate attacker using a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value to execute arbitrary code or cau...
CVE-2014-6416
CVE-2014-6416 describes a buffer overflow in net/ceph/auth_x.c used by Ceph within the Linux kernel prior to 3.16.3. An unencrypted, long auth ticket can be exploited remotely to trigger memory corruption and a kernel panic (DoS). Connected advisories reiter the same root cause and impact. Remedi...
CVE-2014-0203
CVE-2014-0203 affects the Linux kernel up to version 2.6.32.x, where the __do_follow_link function in fs/namei.c mishandles the last pathname component for certain filesystems, enabling a local attacker to trigger a denial of service (incorrect free operations and system crash) via an open() call...
CVE-2014-2673
CVE-2014-2673 : Linux kernel TM implementation on PowerPC has a flaw in arch_dup_task_struct interacting with clone/fork. In kernels before 3.13.7, this can allow a local user to trigger a denial of service (Program Check and system crash) by executing instructions while the processor is in Trans...
CVE-2014-2039
CVE-2014-2039 affects the Linux kernel on s390 where arch/s390/kernel/head64.S mishandles attempts to use the linkage stack, enabling local users to crash the system (denial of service) by executing a crafted instruction. The linked Nessus/MiracleUnity/EulerOS advisories confirm the issue exists ...
CVE-2014-7283
The vulnerability CVE-2014-7283 affects the Linux kernel xfs implementation: xfs_da3_fixhashpath in fs/xfs/xfs_da_btree.c fails to compare btree hash values correctly, before 3.14.2. This can allow local users to trigger filesystem corruption and OOPs/panic via operations on directories with hash...
CVE-2014-5045
CVE-2014-5045 – Linux kernel mountpoint_last bug (pre-3.15.8) Affected: Linux kernel versions prior to 3.15.8.Root cause: The mountpoint_last function in fs/namei.c does not properly maintain a reference count when unmount is used in conjunction with a symlink.Impact: Local users could cause deni...
CVE-2014-4157
CVE-2014-4157 affects the Linux kernel on MIPS up to 3.14.8. The fast system-call path does not configure _TIF_SECCOMP checks, letting local attackers bypass PR_SET_SECCOMP restrictions by running a crafted app without trace/audit. Impact: partial confidentiality, integrity, and availability (loc...
CVE-2014-6417
CVE-2014-6417 affects net/ceph/auth_x.c in Ceph usage within the Linux kernel prior to 3.16.3. The issue arises from not handling kmalloc failure, enabling a remote attacker to cause a denial of service (system crash) or potentially other impact via a long unencrypted auth ticket. Public advisori...
CVE-2014-6418
Summary of CVE-2014-6418 — firmware/driver component: In Ceph usage within the Linux kernel, net/ceph/auth_x.c handles auth replies and, prior to kernel 3.16.3, fails to properly validate them. This can be triggered by crafted data arriving from a Ceph Monitor IP address, potentially causing a de...