CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 1CVE-2014-3601 – kernel: kvm: invalid parameter passing in kvm_iommu_map_pages()
https://notcve.org/view.php?id=CVE-2014-3601
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. La función kvm_iommu_map_pages en virt/kvm/iommu.c en el kernel de Linux hasta 3.16.1 calcula erróneamente el número de las páginas durante el manejo de un fallo en las asignaciones, lo que permite a usuarios del sistema operativo invitado (1) causar una denegación de servicio (corrupción de la memoria del sistema operativo anfitrión) o posiblemente tener otro impacto no especificado mediante la provocación de un valor gfn grande o (2) causar una denegación de servicio (corrupción de la memoria del sistema operativo anfitrión) mediante la provocación de un valor gfn pequeño que conduce a páginas fijadas (pinned) permanentemente. A flaw was found in the way the Linux kernel's kvm_iommu_map_pages() function handled IOMMU mapping failures. A privileged user in a guest with an assigned host device could use this flaw to crash the host. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://secunia.com/advisories/60830 http://www.securityfocus.com/bid/69489 http://www.ubuntu.com/usn/USN-2356-1 http://www.ubuntu.com/usn/USN-2357&# • CWE-189: Numeric Errors •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 3CVE-2014-5207 – Linux Kernel < 3.16.1 - 'Remount FUSE' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-5207
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace. fs/namespace.c en el kernel de Linux hasta 3.16.1 no restringe debidamente la limpieza MNT_NODEV, MNT_NOSUID, y MNT_NOEXEC y el cambio MNT_ATIME_MASK durante un remontaje de un montaje bind, lo que permite a usuarios locales ganar privilegios, interferir con copias de seguridad y auditoria en sistemas que tenían atime habilitado, o causar una denegación de servicio (la actualización excesiva de sistemas de ficheros) en sistemas que tenían atime deshabilitado a través de un comando 'mount -o remount' dentro de un espacio para el nombre del usuario. • https://www.exploit-db.com/exploits/34923 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9566d6742852c527bf5af38af5cbb878dad75705 http://osvdb.org/show/osvdb/110055 http://packetstormsecurity.com/files/128595/Linux-Kernel-3.16.1-FUSE-Privilege-Escalation.html http://seclists.org/oss-sec/2014/q3/352 http://www.exploit-db.com/exploits/34923 http://www.openwall.com/lists/oss-security/2014/08/13/4 http://www.securityfocus.com/bid/69216 http:/& • CWE-269: Improper Privilege Management •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 1CVE-2014-5045 – kernel: vfs: refcount issues during unmount on symlink
https://notcve.org/view.php?id=CVE-2014-5045
The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program. La función mountpoint_last en fs/namei.c en el kernel de Linux anterior a 3.15.8 no mantiene debidamente cierta cuenta de referencias durante intentos de utilizar la llamada al sistema umount en conjunto con un enlace simbólico, lo que permite a usuarios locales causar una denegación de servicio (consumo de memoria o uso después de liberación) o posiblemente tener otro impacto no especificado a través del programa umount. A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=295dc39d941dc2ae53d5c170365af4c9d5c16212 http://rhn.redhat.com/errata/RHSA-2015-0062.html http://secunia.com/advisories/60353 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8 http://www.openwall.com/lists/oss-security/2014/07/24/2 http://www.securityfocus.com/bid/68862 https://bugzilla.redhat.com/show_bug.cgi?id=1122472 https://github.com/torvalds/linux/commit/295dc39d941dc2ae53d5c170365af4 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2014-3534 – kernel: s390: ptrace: insufficient sanitization when setting psw mask
https://notcve.org/view.php?id=CVE-2014-3534
arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call. arch/s390/kernel/ptrace.c en el kernel de Linux anterior a 3.15.8 en el plataforma s390 no restringe debidamente las operaciones de control de la restricción del espacio para direcciones en las solicitudes PTRACE_POKEUSR_AREA, lo que permite a usuarios locales obtener el acceso a la lectura y la escritura en las localizaciones de la memoria del kernel, y como consecuencia ganar privilegios, a través de una aplicación que realiza una llamada al sistema ptrace. It was found that Linux kernel's ptrace subsystem did not properly sanitize the address-space-control bits when the program-status word (PSW) was being set. On IBM S/390 systems, a local, unprivileged user could use this flaw to set address-space-control bits to the kernel space, and thus gain read and write access to kernel memory. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dab6cf55f81a6e16b8147aed9a843e1691dcd318 http://secunia.com/advisories/59790 http://secunia.com/advisories/60351 http://www.debian.org/security/2014/dsa-2992 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8 http://www.osvdb.org/109546 http://www.securityfocus.com/bid/68940 http://www.securitytracker.com/id/1030683 https://bugzilla.redhat.com/show_bug.cgi?id=1114089 https://excha • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 6.9EPSS: 0%CPEs: 11EXPL: 3CVE-2014-4699 – Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - 'ptrace/sysret' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-4699
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls. El kernel de Linux anterior a 3.15.4 en los procesadores Intel no restringe debidamente el uso de un valor no canónico para la dirección RIP guardada en el caso de una llamada del sistema que no utilice IRET, lo que permite a usuarios locales aprovechar una condición de carrera y ganar privilegios, o causar una denegación de servicio (fallo doble), a través de una aplicación manipulada que realice llamadas de sistemas ptrace y fork. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU. • https://www.exploit-db.com/exploits/34134 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a http://linux.oracle.com/errata/ELSA-2014-0924.html http://linux.oracle.com/errata/ELSA-2014-3047.html http://linux.oracle.com/errata/ELSA-2014-3048.html http://openwall.com/lists/oss-security/2014/07/05/4 http://openwall.com/lists/oss-security/2014/07/08/16 http://openwall.com/lists/oss-security/2014/07/08 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-642: External Control of Critical State Data •