Ubuntu.comUB:CVE-2014-3917CVE-2014-3917
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:N/A:P
0.0004 Low
EPSS
Percentile
5.3%
kernel/auditsc.c in the Linux kernel through 3.14.5, when
CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local
users to obtain potentially sensitive single-bit values from kernel memory
or cause a denial of service (OOPS) via a large value of a syscall number.
Bugs
Notes
| Author | Note |
|---|---|
| jdstrand | android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 10.04 | noarch | linux | < 2.6.32-64.128 | UNKNOWN |
| ubuntu | 12.04 | noarch | linux | < 3.2.0-68.102 | UNKNOWN |
| ubuntu | 13.10 | noarch | linux | < 3.11.0-26.45 | UNKNOWN |
| ubuntu | 14.04 | noarch | linux | < 3.13.0-33.58 | UNKNOWN |
| ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1637.54 | UNKNOWN |
| ubuntu | 10.04 | noarch | linux-ec2 | < 2.6.32-368.84 | UNKNOWN |
| ubuntu | 12.04 | noarch | linux-lts-quantal | < 3.5.0-54.81~precise1 | UNKNOWN |
| ubuntu | 12.04 | noarch | linux-lts-raring | < 3.8.0-44.66~precise1 | UNKNOWN |
| ubuntu | 12.04 | noarch | linux-lts-saucy | < 3.11.0-26.45~precise1 | UNKNOWN |
| ubuntu | 12.04 | noarch | linux-lts-trusty | < 3.13.0-33.58~precise1 | UNKNOWN |
References
article.gmane.org/gmane.linux.kernel/1713179
launchpad.net/bugs/cve/CVE-2014-3917
nvd.nist.gov/vuln/detail/CVE-2014-3917
security-tracker.debian.org/tracker/CVE-2014-3917
ubuntu.com/security/notices/USN-2281-1
ubuntu.com/security/notices/USN-2282-1
ubuntu.com/security/notices/USN-2285-1
ubuntu.com/security/notices/USN-2286-1
ubuntu.com/security/notices/USN-2287-1
ubuntu.com/security/notices/USN-2289-1
ubuntu.com/security/notices/USN-2313-1
ubuntu.com/security/notices/USN-2314-1
ubuntu.com/security/notices/USN-2334-1
ubuntu.com/security/notices/USN-2335-1
www.cve.org/CVERecord?id=CVE-2014-3917
Related
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:N/A:P
0.0004 Low
EPSS
Percentile
5.3%