7.2 High
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.006 Low
EPSS
Percentile
78.5%
An information leak was discovered in the Linux kernel when inotify is used
to monitor the /dev/ptmx device. A local user could exploit this flaw to
discover keystroke timing and potentially discover sensitive information
like password length. (CVE-2013-0160)
Vasily Kulikov reported a flaw in the Linux kernel’s implementation of
ptrace. An unprivileged local user could exploit this flaw to obtain
sensitive information from kernel memory. (CVE-2013-2929)
Andrew Honig reported a flaw in the Linux Kernel’s kvm_vm_ioctl_create_vcpu
function of the Kernel Virtual Machine (KVM) subsystem. A local user could
exploit this flaw to gain privileges on the host machine. (CVE-2013-4587)
Andrew Honig reported a flaw in the apic_get_tmcct function of the Kernel
Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could
exploit this flaw to cause a denial of service or host OS system crash.
(CVE-2013-6367)
Nico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec
AACRAID scsi raid devices in the Linux kernel. A local user could use this
flaw to cause a denial of service or possibly other unspecified impact.
(CVE-2013-6380)
Nico Golde and Fabian Yamaguchi reported buffer underflow errors in the
implementation of the XFS filesystem in the Linux kernel. A local user with
CAP_SYS_ADMIN could exploit these flaw to cause a denial of service (memory
corruption) or possibly other unspecified issues. (CVE-2013-6382)
Evan Huus reported a buffer overflow in the Linux kernel’s radiotap header
parsing. A remote attacker could cause a denial of service (buffer over-
read) via a specially crafted header. (CVE-2013-7027)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg
systemcalls when used with ISDN sockets in the Linux kernel. A local user
could exploit this leak to obtain potentially sensitive information from
kernel memory. (CVE-2013-7266)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg
systemcalls when used with apple talk sockets in the Linux kernel. A local
user could exploit this leak to obtain potentially sensitive information
from kernel memory. (CVE-2013-7267)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg
systemcalls when used with ipx protocol sockets in the Linux kernel. A
local user could exploit this leak to obtain potentially sensitive
information from kernel memory. (CVE-2013-7268)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg
systemcalls when used with the netrom address family in the Linux kernel. A
local user could exploit this leak to obtain potentially sensitive
information from kernel memory. (CVE-2013-7269)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg
systemcalls when used with packet address family sockets in the Linux
kernel. A local user could exploit this leak to obtain potentially
sensitive information from kernel memory. (CVE-2013-7270)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg
systemcalls when used with x25 protocol sockets in the Linux kernel. A
local user could exploit this leak to obtain potentially sensitive
information from kernel memory. (CVE-2013-7271)
An information leak was discovered in the Linux kernel’s SIOCWANDEV ioctl
call. A local user with the CAP_NET_ADMIN capability could exploit this
flaw to obtain potentially sensitive information from kernel memory.
(CVE-2014-1444)
An information leak was discovered in the wanxl ioctl function the
Linux kernel. A local user could exploit this flaw to obtain potentially
sensitive information from kernel memory. (CVE-2014-1445)
An information leak was discovered in the Linux kernel’s hamradio YAM
driver for AX.25 packet radio. A local user with the CAP_NET_ADMIN
capability could exploit this flaw to obtain sensitive information from
kernel memory. (CVE-2014-1446)
Matthew Thode reported a denial of service vulnerability in the Linux
kernel when SELinux support is enabled. A local user with the CAP_MAC_ADMIN
capability (and the SELinux mac_admin permission if running in enforcing
mode) could exploit this flaw to cause a denial of service (kernel crash).
(CVE-2014-1874)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 10.04 | noarch | linux-image-2.6.32-57-powerpc-smp | < 2.6.32-57.119 | UNKNOWN |
Ubuntu | 10.04 | noarch | block-modules-2.6.32-57-generic-di | < 2.6.32-57.119 | UNKNOWN |
Ubuntu | 10.04 | noarch | char-modules-2.6.32-57-generic-di | < 2.6.32-57.119 | UNKNOWN |
Ubuntu | 10.04 | noarch | crypto-modules-2.6.32-57-generic-di | < 2.6.32-57.119 | UNKNOWN |
Ubuntu | 10.04 | noarch | fat-modules-2.6.32-57-generic-di | < 2.6.32-57.119 | UNKNOWN |
Ubuntu | 10.04 | noarch | fb-modules-2.6.32-57-generic-di | < 2.6.32-57.119 | UNKNOWN |
Ubuntu | 10.04 | noarch | firewire-core-modules-2.6.32-57-generic-di | < 2.6.32-57.119 | UNKNOWN |
Ubuntu | 10.04 | noarch | floppy-modules-2.6.32-57-generic-di | < 2.6.32-57.119 | UNKNOWN |
Ubuntu | 10.04 | noarch | fs-core-modules-2.6.32-57-generic-di | < 2.6.32-57.119 | UNKNOWN |
Ubuntu | 10.04 | noarch | fs-secondary-modules-2.6.32-57-generic-di | < 2.6.32-57.119 | UNKNOWN |
ubuntu.com/security/CVE-2013-0160
ubuntu.com/security/CVE-2013-2929
ubuntu.com/security/CVE-2013-4587
ubuntu.com/security/CVE-2013-6367
ubuntu.com/security/CVE-2013-6380
ubuntu.com/security/CVE-2013-6382
ubuntu.com/security/CVE-2013-7027
ubuntu.com/security/CVE-2013-7266
ubuntu.com/security/CVE-2013-7267
ubuntu.com/security/CVE-2013-7268
ubuntu.com/security/CVE-2013-7269
ubuntu.com/security/CVE-2013-7270
ubuntu.com/security/CVE-2013-7271
ubuntu.com/security/CVE-2014-1444
ubuntu.com/security/CVE-2014-1445
ubuntu.com/security/CVE-2014-1446
ubuntu.com/security/CVE-2014-1874