129 matches found
CVE-2014-3153
The CVE-2014-3153 issue affects the Linux kernel futex_requeue path (kernel/futex.c) through version 3.14.5. A local unprivileged user can exploit FUTEX_REQUEUE with two identical futex addresses to gain privileges or modify waiter state, causing potential privilege escalation and memory impact. ...
CVE-2014-0196
CVE-2014-0196 affects the Linux kernel (through 3.14.3) specifically the n_tty_write function in drivers/tty/n_tty.c. The flaw permits a local user to trigger a race condition between read and write operations with long strings in the LECHO & !OPOST case, enabling denial of service (memory corrup...
CVE-2014-0101
The CVE-2014-0101 issue affects the Linux kernel up to version 3.13.6, where the function sctp_sf_do_5_1D_ce in net/sctp/sm_statefuns.c does not validate certain auth_enable/auth_capable fields before sctp_sf_authenticate. This can enable a remote attacker to cause a denial of service by sending ...
CVE-2014-2523
CVE-2014-2523 applies to the Linux kernel code path net/netfilter/nf_conntrack_proto_dccp.c up to version 3.13.6. The vulnerability arises from incorrect handling of a DCCP header pointer, which could allow remote attackers to cause a system crash ( denial of service ) or potentially execute arbi...
CVE-2014-8559
CVE-2014-8559 is tied to the Linux kernel up to version 3.17.2, where the d_walk function in fs/dcache.c fails to properly preserve the semantics of rename_lock. This can allow a local attacker to cause a denial of service via a deadlock and system hang. The connected advisories state that the is...
CVE-2012-6657
CVE-2012-6657 affects the Linux kernel up to version 3.5.7. The vulnerability lies in sock_setsockopt in net/core/sock.c, where a keepalive action may not be properly associated with a stream socket, enabling a local attacker to cause a denial of service (system crash) by leveraging the ability t...
CVE-2014-0181
The CVE-2014-0181 issue affects the Linux kernel Netlink implementation prior to 3.14.1, where there is no authorization based on the opener of a Netlink socket. This can allow a local user to bypass intended access restrictions and modify network configurations by using a Netlink socket for the ...
CVE-2014-6410
The vulnerability CVE-2014-6410 affects the Linux kernel (through 3.16.3) in the UDF filesystem: the __udf_read_inode function does not restrict ICB indirection, enabling a local, physically proximate attacker to cause a denial of service (infinite loop or stack consumption) via a crafted inode. ...
CVE-2014-8134
CVE-2014-8134 affects the Linux kernel’s KVM paravirt code path (arch/x86/kernel/kvm.c, paravirt_ops_setup) through version 3.18. The root cause is an improper paravirt_enabled setting for KVM guest kernels, which could allow a guest user to bypass ASLR via a crafted application that reads a 16‑b...
CVE-2014-4943
CVE-2014-4943 affects the Linux kernel up to 3.15.6, specifically the PPPoL2TP feature in net/l2tp/l2tp_ppp.c. The vulnerability arises from data-structure differences between an l2tp socket and an inet socket, enabling local privilege escalation. Public details in connected sources include PoC/e...
CVE-2014-0038
The CVE-2014-0038 issue affects the Linux kernel before 3.13.2 when CONFIG_X86_X32 is enabled: the compat_sys_recvmmsg function in net/compat.c can be exploited via recvmmsg with a crafted timeout pointer to gain local privileges. Public references document a local privilege escalation (exploitab...
CVE-2014-7970
CVE-2014-7970 is described in connected Lenovo advisories as a Linux kernel vulnerability where pivot_root() could be misused to trigger a local denial of service (mount-tree loop) via dot-path arguments. Lenovo’s advisory for PowerKVM lists affected product: PowerKVM v3.1, and states the issue i...
CVE-2014-9322
CVE-2014-9322 affects the Linux kernel pre-3.17.5 where arch/x86/kernel/entry_64.S mishandles faults on the Stack Segment (SS) during IRET, allowing a local user to escalate privileges by accessing a GS Base address from the wrong space. Public PoC/exploitation (BadIRET) exists, illustrating loca...
CVE-2014-8133
CVE-2014-8133 affects the Linux kernel TLS implementation (arch/x86/kernel/tls.c) up to version 3.18.1. A local attacker can exploit a crafted application that uses set_thread_area and subsequently reads a 16‑bit value to bypass the espfix protection and, in turn, bypass ASLR. The description con...
CVE-2014-3645
CVE-2014-3645 affects the Linux kernel KVM implementation in arch/x86/kvm/vmx.c, with versions before 3.12. The root cause is that the code path handling the INVEPT instruction lacks an exit handler, which can allow a guest OS user to trigger a denial of service by crashing the guest via a crafte...
CVE-2014-9419
CVE-2014-9419 affects the Linux kernel (arch/x86/kernel/process_64.c) up to version 3.18.1. The issue fails to ensure TLS descriptors are loaded before proceeding with other steps, enabling a local attacker to bypass ASLR by crafting an application that reads a TLS base address. Connected advisor...
CVE-2014-3122
CVE-2014-3122 affects the Linux kernel local memory-management path. The advisory centers on the try_to_unmap_cluster function in mm/rmap.c, where the code path did not consistently lock pages, enabling a local user to trigger a memory-usage pattern that can force removal of page-table mappings a...
CVE-2014-3917
CVE-2014-3917 affects the Linux kernel up to 3.14.5, specifically kernel/auditsc.c when CONFIG_AUDITSYSCALL is enabled with certain syscall rules. Local users can obtain sensitive single-bit values from kernel memory or trigger a denial of service (OOPS) by using a large syscall number. Exploitat...
CVE-2014-7841
CVE-2014-7841 affects the Linux kernel SCTP implementation (net/sctp/sm_make_chunk.c) with ASCONF enabled. A malformed INIT chunk can trigger a NULL pointer dereference, causing a system crash (DoS). Affected: kernel versions before 3.17.4; fix: upgrade to 3.17.4 or later (kernel changelog confir...
CVE-2014-3610
CVE-2014-3610 is a Linux kernel KVM WRMSR emulation flaw present up to and including 3.17.2. The issue arises when guest writes a non-canonical value to a model-specific register, causing the host to crash (DoS). It is tied to wrmsr_interception (arch/x86/kvm/svm.c) and handle_wrmsr (arch/x86/kvm...
CVE-2014-3673
The vulnerability CVE-2014-3673 affects the SCTP implementation in the Linux kernel up to version 3.17.2. A malformed ASCONF chunk can be sent by a remote attacker to trigger a denial of service (system crash). Affected components are net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. Remediat...
CVE-2014-7842
The CVE-2014-7842 issue affects the Linux kernel’s arch/x86/kvm/x86.c; a race condition prior to 3.17.4 can allow a guest OS user to trigger an MMIO/PIO‑driven emulation error report, causing a guest crash (denial of service). Public notes in Nessus advisories reference CVE-2010-5313 as related. ...
CVE-2014-3690
CVE-2014-3690 affects arch/x86/kvm/vmx.c in the Linux kernel’s KVM subsystem on Intel, where the CR4 control register value may not be preserved across VM entries. The vendor-provided details in connected Nessus advisories describe a local attacker with access to /dev/kvm who can kill arbitrary p...
CVE-2014-4608
CVE-2014-4608 refers to multiple integer overflows in the LZO decompressor (lzo1x_decompress_safe) in the Linux kernel before 3.15.2, which can cause memory corruption and denial of service via a crafted Literal Run. Some advisories note the Linux kernel is not affected (media hype), while securi...
CVE-2014-1737
CVE-2014-1737 affects the Linux kernel (through 3.14.3) and its floppy driver (drivers/block/floppy.c). The flaw is in raw_cmd_copyin not handling error conditions during processing of an FDRAWCMD ioctl, enabling local users with write access to /dev/fd to trigger kfree and potentially gain privi...
CVE-2014-0077
CVE-2014-0077 concerns the Linux kernel component drivers/vhost/net.c . When mergeable buffers are disabled, the code path does not properly validate packet lengths, enabling a guest OS user to trigger a memory corruption that could cause a host crash or, per wording, potentially gain privileges ...
CVE-2014-5077
CVE-2014-5077 affects the Linux kernel’s SCTP code: the function sctp_assoc_update in net/sctp/associola.c (affected in kernel builds up to 3.15.8) can be triggered when SCTP authentication is enabled. An attacker can cause a denial of service via a NULL pointer dereference and kernel OOPS by ini...
CVE-2014-1874
The CVE-2014-1874 entry is about the Linux kernel vulnerability in security/selinux/ss/services.c: the security_context_to_sid_core function before 3.13.4 allows local users with CAP_MAC_ADMIN to set a zero-length security context, causing a denial of service (system crash). Affected product: Lin...
CVE-2014-3687
The provided materials confirm CVE-2014-3687 affects the Linux kernel SCTP implementation (net/sctp/associola.c) up to version 3.17.2. The vulnerability allows remote attackers to cause a denial of service (panic) by sending duplicate ASCONF chunks, triggering an incorrect uncork within the side-...
CVE-2014-7975
CVE-2014-7975 : The Linux kernel up to 3.17 allows a local user to trigger DoS by remounting root read-only without CAP_SYS_ADMIN. This occurs in do_remount_sb invoked via unshare/mount flows, clearing MNT_LOCKED and issuing MNT_FORCE unmount. Connected Nessus advisories for Unity Linux reference...
CVE-2014-3144
CVE-2014-3144 affects the Linux kernel up to 3.14.3. The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST implementations in the sk_run_filter function (net/core/filter.c) do not properly verify a length value, enabling a local attacker to trigger a denial of service via crafted BPF instruction...
CVE-2014-2851
CVE-2014-2851: Integer overflow in ping_init_sock (net/ipv4/ping.c) of the Linux kernel up to 3.14.1 allows local users to cause a denial of service (use‑after‑free and system crash) and potentially gain privileges via a crafted application that exploits an improperly managed reference counter. C...
CVE-2014-5471
CVE-2014-5471 affects the Linux kernel up to 3.16.1, specifically the parse_rock_ridge_inode_internal function in fs/isofs/rock.c. A crafted iso9660 image with a CL entry referencing a directory entry that has a CL entry can cause uncontrolled recursion, leading to a local denial of service, syst...
CVE-2013-7263
The CVE-2013-7263 issue affects the Linux kernel before 3.12.4, where certain length values are updated before kernel data structures are initialized, enabling local attackers to read sensitive information from kernel stack memory via recvfrom, recvmmsg, or recvmsg. Connected Nessus entries (Unit...
CVE-2014-2309
CVE-2014-2309 affects the Linux kernel (net/ipv6/route.c, function ip6_route_add) up to version 3.13.6. It causes memory exhaustion via a flood of ICMPv6 Router Advertisement packets, enabling a remote attacker to trigger DoS. The connected Nessus/OpenVAS advisories reference Unity Linux security...
CVE-2014-0131
CVE-2014-0131 affects the Linux kernel up to version 3.13.6. The vulnerability is a use-after-free in the skb_segment function within net/core/skbuff.c caused by the absence of a certain orphaning operation. Exploitation details are not provided in the supplied documents. The impact is that an at...
CVE-2014-4653
Summary (CVE-2014-4653) : The ALSA control implementation in the Linux kernel has a race/lock handling issue in sound/core/control.c. It does not ensure possession of a read/write lock, enabling a local attacker to trigger a denial of service (use-after-free) and to potentially read kernel memory...
CVE-2014-4508
CVE-2014-4508 affects the Linux kernel on 32-bit x86 (arch/x86/kernel/entry_32.S) up to version 3.15.1. When syscall auditing is enabled and the sep CPU feature flag is set, a local user can trigger a denial-of-service (OOPS and crash) by using an invalid syscall number (demonstrated with number ...
CVE-2014-0069
The CVE-2014-0069 entry affects the Linux kernel (fs/cifs/file.c: cifs_iovec_write) up to version 3.13.5. The vulnerability stems from improper handling of uncached write operations that copy fewer bytes than requested, enabling local users to read kernel memory (information disclosure), cause me...
CVE-2014-3647
CVE-2014-3647 affects the Linux kernel KVM emulation path: arch/x86/kvm/emulate.c. The root cause is improper handling of RIP changes during instruction emulation, enabling a local guest OS user to crash the guest (DoS) with a crafted application in kernels up to 3.17.2. The provided connected do...
CVE-2014-2678
CVE-2014-2678 affects the Linux kernel (net/rds/iw.c). The rds_iw_laddr_check function can be triggered by a bind() on an RDS socket on systems lacking RDS transports, enabling local attackers to cause a NULL pointer dereference and a system crash (DoS). This is described as affecting kernels up ...
CVE-2014-3611
CVE-2014-3611 corresponds to a race condition in the Linux kernel’s KVM PIT emulation: the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c, with affected versions up to and including 3.17.2. The vulnerability allows a guest OS user to trigger a host OS crash via incorrect PIT emulation. ...
CVE-2014-4699
CVE-2014-4699 affects the Linux kernel prior to 3.15.4 on Intel CPUs: a non-canonical saved RIP value in system calls that do not use IRET can be exploited via ptrace and fork to escalate privileges or trigger a denial of service (double fault). Multiple connected advisories (e.g., MiracleLinux A...
CVE-2014-3646
CVE-2014-3646 affects the Linux kernel’s KVM implementation: arch/x86/kvm/vmx.c lacks an exit handler for the INVVPID instruction, enabling a local guest-user to crash the guest OS (DoS) via a crafted application. Public remote advisories in connected Nessus plugins confirm the issue exists in ke...
CVE-2014-4656
CVE-2014-4656 affects the Linux kernel ALSA sound control (sound/core/control.c). The vulnerability arises from multiple integer overflows in ALSA control handling, exploitable by local users via /dev/snd/controlCX to cause a denial of service. The issue is tied to (1) index values in snd_ctl_add...
CVE-2014-7145
CVE-2014-7145 affects the Linux kernel SMB2_tcon() in fs/cifs/smb2pdu.c, where remote CIFS servers can trigger a NULL pointer dereference by deleting the IPC$ share during DFS referrals, potentially causing a denial of service. The issue is fixed in kernel 3.16.3 (per ChangeLog-3.16.3). Connected...
CVE-2014-9420
CVE-2014-9420 affects the Linux kernel iso9660 isofs rock.c: rock_continue does not bound the number of Rock Ridge continuation entries, allowing a local attacker crafting an ISO image to trigger an infinite loop and cause DoS (system hang/crash) on kernels up to 3.18.1. Public advisories from Ce...
CVE-2014-1738
CVE-2014-1738 is a Linux kernel vulnerability in the floppy driver (raw_cmd_copyout) where processing FDRAWCMD IOCTL calls could allow local attackers with write access to /dev/fd to read kernel heap memory. The flaw is described as an improper restriction of pointers during FDRAWCMD processing, ...
CVE-2014-3688
CVE-2014-3688 affects the Linux kernel SCTP implementation prior to 3.17.4. The vulnerability allows a remote attacker to cause a denial of service via memory consumption by triggering a large number of chunks in an association’s output queue (ASCONF probes), related to net/sctp/inqueue.c and net...
CVE-2010-5313
CVE-2010-5313 is demonstrated in the Linux kernel’s arch/x86/kvm/x86.c, where a race condition allows L2 guest OS users to trigger an L2 emulation failure report and cause a denial of service on the L1 guest (as described in the CVE entry). The affected lineage is the Linux kernel before 2.6.38. ...