CVSS: 6.9EPSS: 1%CPEs: 49EXPL: 6CVE-2014-0196 – Linux Kernel Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2014-0196
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. La función n_tty_write en drivers/tty/n_tty.c en el kernel de Linux hasta 3.14.3 no maneja debidamente acceso al controlador tty en el caso 'LECHO & !OPOST', lo que permite a usuarios locales causar una denegación de servicio (consumo de memoria y caída de sistema) o ganar privilegios mediante la provocación de una condición de carrera involucrando operaciones de lectura y escritura con cadenas largas. Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service (DoS) or gain privileges via read and write operations with long strings. • https://www.exploit-db.com/exploits/33516 https://github.com/tempbottle/CVE-2014-0196 https://github.com/SunRain/CVE-2014-0196 http://bugzilla.novell.com/show_bug.cgi?id=875690 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00 http://linux.oracle.com/errata/ELSA-2014-0771.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg0001 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.6EPSS: 0%CPEs: 87EXPL: 0CVE-2014-2889
https://notcve.org/view.php?id=CVE-2014-2889
Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges via a long jump after a conditional jump. Error de superación de límite (off-by-one)en la función bpf_jit_compile en arch/x86/net/bpf_jit_comp.c en el kernel de Linux anterior a 3.1.8, cuando BPF JIT está habilitado, permite a usuarios locales causar una denegación de servicio (caída de sistema) o posiblemente ganar privilegios a través de un salto largo después de un salto condicional. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a03ffcf873fe0f2565386ca8ef832144c42e67fa http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8 http://www.openwall.com/lists/oss-security/2014/04/18/6 https://github.com/torvalds/linux/commit/a03ffcf873fe0f2565386ca8ef832144c42e67fa • CWE-189: Numeric Errors •
CVSS: 2.1EPSS: 0%CPEs: 8EXPL: 0CVE-2014-0181 – kernel: net: insufficient permision checks of netlink messages
https://notcve.org/view.php?id=CVE-2014-0181
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program. La implementación Netlink en el kernel de Linux hasta 3.14.1 no proporciona un mecanismo para autorizar operaciones socket basadas en el abridor de un socket, lo que permite a usuarios locales evadir restricciones de acceso y modificar configuraciones de red mediante el uso de un socket Netlink para (1) stdout o (2) stderr de un programa setuid. It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://marc.info/?l=linux-netdev&m=139828832919748&w=2 http://rhn.redhat.com/errata/RHSA-2014-1959.html http://www.open • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 0%CPEs: 7EXPL: 2CVE-2014-2851 – Linux Kernel - 'group_info' refcounter Overflow Memory Corruption
https://notcve.org/view.php?id=CVE-2014-2851
Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. Desbordamiento de enteros en la función ping_init_sock en net/ipv4/ping.c en el kernel de Linux hasta 3.14.1 permite a usuarios locales causar una denegación de servicio (uso después de liberación y caída de sistema) o posiblemente ganar privilegios a través de una aplicación manipulada que aprovecha un contador de referencia manejado indebidamente. A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. • https://www.exploit-db.com/exploits/32926 http://secunia.com/advisories/59386 http://secunia.com/advisories/59599 http://www.debian.org/security/2014/dsa-2926 http://www.openwall.com/lists/oss-security/2014/04/11/4 http://www.securityfocus.com/bid/66779 http://www.securitytracker.com/id/1030769 https://bugzilla.redhat.com/show_bug.cgi?id=1086730 https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac https://lkml.org& • CWE-416: Use After Free •
CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 1CVE-2014-2739
https://notcve.org/view.php?id=CVE-2014-2739
The cma_req_handler function in drivers/infiniband/core/cma.c in the Linux kernel 3.14.x through 3.14.1 attempts to resolve an RDMA over Converged Ethernet (aka RoCE) address that is properly resolved within a different module, which allows remote attackers to cause a denial of service (incorrect pointer dereference and system crash) via crafted network traffic. La función cma_req_handler en drivers/infiniband/core/cma.c en el kernel de Linux 3.14.x hasta 3.14.1 intenta resolver un RDMA sobre una dirección Converged Ethernet (también conocido como RoCE) que se resuelve debidamente dentro de un módulo diferente, lo que permite a atacantes remotos causar una denegación de servicio (referencia a puntero incorrecto y caída de sistema) a través de trafico de red manipulado. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b2853fd6c2d0f383dbdf7427e263eb576a633867 http://www.openwall.com/lists/oss-security/2014/04/10/9 http://www.securityfocus.com/bid/66716 https://bugzilla.redhat.com/show_bug.cgi?id=1085415 https://github.com/torvalds/linux/commit/b2853fd6c2d0f383dbdf7427e263eb576a633867 • CWE-20: Improper Input Validation •