CVE-2014-2889
https://notcve.org/view.php?id=CVE-2014-2889
Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges via a long jump after a conditional jump. Error de superación de límite (off-by-one)en la función bpf_jit_compile en arch/x86/net/bpf_jit_comp.c en el kernel de Linux anterior a 3.1.8, cuando BPF JIT está habilitado, permite a usuarios locales causar una denegación de servicio (caída de sistema) o posiblemente ganar privilegios a través de un salto largo después de un salto condicional. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a03ffcf873fe0f2565386ca8ef832144c42e67fa http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8 http://www.openwall.com/lists/oss-security/2014/04/18/6 https://github.com/torvalds/linux/commit/a03ffcf873fe0f2565386ca8ef832144c42e67fa • CWE-189: Numeric Errors •
CVE-2014-0181 – kernel: net: insufficient permision checks of netlink messages
https://notcve.org/view.php?id=CVE-2014-0181
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program. La implementación Netlink en el kernel de Linux hasta 3.14.1 no proporciona un mecanismo para autorizar operaciones socket basadas en el abridor de un socket, lo que permite a usuarios locales evadir restricciones de acceso y modificar configuraciones de red mediante el uso de un socket Netlink para (1) stdout o (2) stderr de un programa setuid. It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://marc.info/?l=linux-netdev&m=139828832919748&w=2 http://rhn.redhat.com/errata/RHSA-2014-1959.html http://www.open • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-0155
https://notcve.org/view.php?id=CVE-2014-0155
The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced. La función ioapic_deliver en virt/kvm/ioapic.c en el kernel de Linux hasta 3.14.1 no valida debidamente el valor de vuelta kvm_irq_delivery_to_apic, lo que permite a usuarios invitados del sistema operativo causar una denegación de servicio (caída de sistema operativo anfitrión) a través de una entrada manipulada en la tabla de redirección de I/O APIC. NOTA: el código afectado fue trasladado a la función ioapic_service antes de que la vulnerabilidad fue anunciada. • http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=5678de3f15010b9022ee45673f33bcfc71d47b60 http://www.openwall.com/lists/oss-security/2014/04/07/2 https://bugzilla.redhat.com/show_bug.cgi?id=1081589 • CWE-20: Improper Input Validation •
CVE-2014-2706 – Kernel: net: mac80211: crash dues to AP powersave TX vs. wakeup race
https://notcve.org/view.php?id=CVE-2014-2706
Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. Condición de carrera en el subsistema mac80211 en el kernel de Linux anterior a 3.13.7 permite a atacantes remotos causar una denegación de servicio (caída de sistema) a través de trafico de red que no interactúa debidamente con el estado WLAN_STA_PS_STA (también conocido como el modo power-save), relacionado con sta_info.c y tx.c. A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake-up code paths. A remote attacker could use this flaw to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1d147bfa64293b2723c4fec50922168658e613ba http://linux.oracle.com/errata/ELSA-2014-3052.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://secunia.com/advisories/60613 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7 http://www.openwall.com/lists/oss-security/2014/04/01/8 http:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2014-0077 – kernel: vhost-net: insufficiency in handling of big packets in handle_rx()
https://notcve.org/view.php?id=CVE-2014-0077
drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. drivers/vhost/net.c en el kernel de Linux anterior a 3.13.10, cuando buffers combinables están deshabilitados, no valida debidamente los longitudes de paquetes, lo que permite a usuarios invitados del sistema operativo causar una denegación de servicio (corrupción de memoria y caída del sistema operativo anfitrión) o posiblemente ganar privilegios en el sistema operativo anfitrión a través de paquetes manipulados, relacionado con las funciones handle_rx y get_rx_bufs. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d8316f3991d207fe32881a9ac20241be8fa2bad0 http://secunia.com/advisories/59386 http://secunia.com/advisories/59599 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10 http://www.securityfocus.com/bid/66678 https://bugzilla.redhat.com/show_bug.cgi?id=1064440 https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0 https://access.redhat.com/security/cve/CVE-2014-0077 • CWE-787: Out-of-bounds Write •