CVE-2014-0196 – Linux Kernel Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2014-0196
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. La función n_tty_write en drivers/tty/n_tty.c en el kernel de Linux hasta 3.14.3 no maneja debidamente acceso al controlador tty en el caso 'LECHO & !OPOST', lo que permite a usuarios locales causar una denegación de servicio (consumo de memoria y caída de sistema) o ganar privilegios mediante la provocación de una condición de carrera involucrando operaciones de lectura y escritura con cadenas largas. Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service (DoS) or gain privileges via read and write operations with long strings. • https://www.exploit-db.com/exploits/33516 https://github.com/tempbottle/CVE-2014-0196 https://github.com/SunRain/CVE-2014-0196 http://bugzilla.novell.com/show_bug.cgi?id=875690 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00 http://linux.oracle.com/errata/ELSA-2014-0771.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg0001 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2014-2889
https://notcve.org/view.php?id=CVE-2014-2889
Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges via a long jump after a conditional jump. Error de superación de límite (off-by-one)en la función bpf_jit_compile en arch/x86/net/bpf_jit_comp.c en el kernel de Linux anterior a 3.1.8, cuando BPF JIT está habilitado, permite a usuarios locales causar una denegación de servicio (caída de sistema) o posiblemente ganar privilegios a través de un salto largo después de un salto condicional. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a03ffcf873fe0f2565386ca8ef832144c42e67fa http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8 http://www.openwall.com/lists/oss-security/2014/04/18/6 https://github.com/torvalds/linux/commit/a03ffcf873fe0f2565386ca8ef832144c42e67fa • CWE-189: Numeric Errors •
CVE-2014-0181 – kernel: net: insufficient permision checks of netlink messages
https://notcve.org/view.php?id=CVE-2014-0181
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program. La implementación Netlink en el kernel de Linux hasta 3.14.1 no proporciona un mecanismo para autorizar operaciones socket basadas en el abridor de un socket, lo que permite a usuarios locales evadir restricciones de acceso y modificar configuraciones de red mediante el uso de un socket Netlink para (1) stdout o (2) stderr de un programa setuid. It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://marc.info/?l=linux-netdev&m=139828832919748&w=2 http://rhn.redhat.com/errata/RHSA-2014-1959.html http://www.open • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-2851 – Linux Kernel - 'group_info' refcounter Overflow Memory Corruption
https://notcve.org/view.php?id=CVE-2014-2851
Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. Desbordamiento de enteros en la función ping_init_sock en net/ipv4/ping.c en el kernel de Linux hasta 3.14.1 permite a usuarios locales causar una denegación de servicio (uso después de liberación y caída de sistema) o posiblemente ganar privilegios a través de una aplicación manipulada que aprovecha un contador de referencia manejado indebidamente. A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. • https://www.exploit-db.com/exploits/32926 http://secunia.com/advisories/59386 http://secunia.com/advisories/59599 http://www.debian.org/security/2014/dsa-2926 http://www.openwall.com/lists/oss-security/2014/04/11/4 http://www.securityfocus.com/bid/66779 http://www.securitytracker.com/id/1030769 https://bugzilla.redhat.com/show_bug.cgi?id=1086730 https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac https://lkml.org& • CWE-416: Use After Free •
CVE-2014-0155
https://notcve.org/view.php?id=CVE-2014-0155
The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced. La función ioapic_deliver en virt/kvm/ioapic.c en el kernel de Linux hasta 3.14.1 no valida debidamente el valor de vuelta kvm_irq_delivery_to_apic, lo que permite a usuarios invitados del sistema operativo causar una denegación de servicio (caída de sistema operativo anfitrión) a través de una entrada manipulada en la tabla de redirección de I/O APIC. NOTA: el código afectado fue trasladado a la función ioapic_service antes de que la vulnerabilidad fue anunciada. • http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=5678de3f15010b9022ee45673f33bcfc71d47b60 http://www.openwall.com/lists/oss-security/2014/04/07/2 https://bugzilla.redhat.com/show_bug.cgi?id=1081589 • CWE-20: Improper Input Validation •