CVE-2014-2851 – Linux Kernel - 'group_info' refcounter Overflow Memory Corruption
https://notcve.org/view.php?id=CVE-2014-2851
Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. Desbordamiento de enteros en la función ping_init_sock en net/ipv4/ping.c en el kernel de Linux hasta 3.14.1 permite a usuarios locales causar una denegación de servicio (uso después de liberación y caída de sistema) o posiblemente ganar privilegios a través de una aplicación manipulada que aprovecha un contador de referencia manejado indebidamente. A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. • https://www.exploit-db.com/exploits/32926 http://secunia.com/advisories/59386 http://secunia.com/advisories/59599 http://www.debian.org/security/2014/dsa-2926 http://www.openwall.com/lists/oss-security/2014/04/11/4 http://www.securityfocus.com/bid/66779 http://www.securitytracker.com/id/1030769 https://bugzilla.redhat.com/show_bug.cgi?id=1086730 https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac https://lkml.org& • CWE-416: Use After Free •
CVE-2014-0155
https://notcve.org/view.php?id=CVE-2014-0155
The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced. La función ioapic_deliver en virt/kvm/ioapic.c en el kernel de Linux hasta 3.14.1 no valida debidamente el valor de vuelta kvm_irq_delivery_to_apic, lo que permite a usuarios invitados del sistema operativo causar una denegación de servicio (caída de sistema operativo anfitrión) a través de una entrada manipulada en la tabla de redirección de I/O APIC. NOTA: el código afectado fue trasladado a la función ioapic_service antes de que la vulnerabilidad fue anunciada. • http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=5678de3f15010b9022ee45673f33bcfc71d47b60 http://www.openwall.com/lists/oss-security/2014/04/07/2 https://bugzilla.redhat.com/show_bug.cgi?id=1081589 • CWE-20: Improper Input Validation •
CVE-2014-2706 – Kernel: net: mac80211: crash dues to AP powersave TX vs. wakeup race
https://notcve.org/view.php?id=CVE-2014-2706
Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. Condición de carrera en el subsistema mac80211 en el kernel de Linux anterior a 3.13.7 permite a atacantes remotos causar una denegación de servicio (caída de sistema) a través de trafico de red que no interactúa debidamente con el estado WLAN_STA_PS_STA (también conocido como el modo power-save), relacionado con sta_info.c y tx.c. A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake-up code paths. A remote attacker could use this flaw to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1d147bfa64293b2723c4fec50922168658e613ba http://linux.oracle.com/errata/ELSA-2014-3052.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://secunia.com/advisories/60613 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7 http://www.openwall.com/lists/oss-security/2014/04/01/8 http:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2014-0077 – kernel: vhost-net: insufficiency in handling of big packets in handle_rx()
https://notcve.org/view.php?id=CVE-2014-0077
drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. drivers/vhost/net.c en el kernel de Linux anterior a 3.13.10, cuando buffers combinables están deshabilitados, no valida debidamente los longitudes de paquetes, lo que permite a usuarios invitados del sistema operativo causar una denegación de servicio (corrupción de memoria y caída del sistema operativo anfitrión) o posiblemente ganar privilegios en el sistema operativo anfitrión a través de paquetes manipulados, relacionado con las funciones handle_rx y get_rx_bufs. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d8316f3991d207fe32881a9ac20241be8fa2bad0 http://secunia.com/advisories/59386 http://secunia.com/advisories/59599 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10 http://www.securityfocus.com/bid/66678 https://bugzilla.redhat.com/show_bug.cgi?id=1064440 https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0 https://access.redhat.com/security/cve/CVE-2014-0077 • CWE-787: Out-of-bounds Write •
CVE-2014-2678 – kernel: net: rds: dereference of a NULL device in rds_iw_laddr_check()
https://notcve.org/view.php?id=CVE-2014-2678
The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. La función rds_iw_laddr_check en net/rds/iw.c en el kernel de Linux hasta 3.14 permite a usuarios locales causar una denegación de servicio (referencia a puntero nulo y caída de sistema) o posiblemente tener otro impacto no especificado a través de una llamada de sistema bind para un socket RDS en un sistema que carece de transportes RDS. A NULL pointer dereference flaw was found in the rds_iw_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. • http://linux.oracle.com/errata/ELSA-2014-0926-1.html http://linux.oracle.com/errata/ELSA-2014-0926.html http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131276.html http://secunia.com/advisories/59386 http://secunia.com/advisories/60130 http://secunia.com/advisories/60471 http://www.openwall.com/lists/oss-security/2014/03/31/10 http://www.securityfocus.com/bid/66543 https://lkml.org/lkml/2014/3/29/188 https://access.redhat.com/security/cve/CV • CWE-476: NULL Pointer Dereference •