CVE-2014-3673 – kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks
https://notcve.org/view.php?id=CVE-2014-3673
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. La implementación SCTP en el kernel de Linux hasta 3.17.2 permite a atacantes remotos causar una denegación de servicio (caída del sistema) a través de un chunk ASCONF malformado, relacionado con net/sctp/sm_make_chunk.c y net/sctp/sm_statefuns.c. A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled malformed Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9de7922bc709eee2f609cd01d98aaedc4cf5ea74 http://linux.oracle.com/errata/ELSA-2014-3087.html http://linux.oracle.com/errata/ELSA-2014-3088.html http://linux.oracle.com/errata/ELSA-2014-3089.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html • CWE-20: Improper Input Validation •
CVE-2014-3687 – kernel: net: sctp: fix panic on duplicate ASCONF chunks
https://notcve.org/view.php?id=CVE-2014-3687
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. La función sctp_assoc_lookup_asconf_ack en net/sctp/associola.c en la implementación SCTP en el kernel de Linux hasta 3.17.2 permite a atacantes remotos causar una denegación de servicio (kernel panic) a través de trozos ASCONF duplicados que provocan una liberación incorrecta dentro del intérprete de efectos secundarios. A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b69040d8e39f20d5215a03502a8e8b4c6ab78395 http://linux.oracle.com/errata/ELSA-2014-3087.html http://linux.oracle.com/errata/ELSA-2014-3088.html http://linux.oracle.com/errata/ELSA-2014-3089.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html • CWE-400: Uncontrolled Resource Consumption •
CVE-2014-3917 – kernel: DoS with syscall auditing
https://notcve.org/view.php?id=CVE-2014-3917
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. kernel/auditsc.c en el kernel de Linux hasta 3.14.5, cuando CONFIG_AUDITSYSCALL está habilitado con ciertas normas syscall, permite a usuarios locales obtener valores de un único bit potencialmente sensibles de la memoria del kernel o causar una denegación de servicio (OOPS) a través de un valor grande de un número syscall. An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kernel memory to user space or, potentially, crash the system. • http://article.gmane.org/gmane.linux.kernel/1713179 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://rhn.redhat.com/errata/RHSA-2014-1143.html http://rhn.redhat.com/errata/RHSA-2014-1281.html http://secunia.com/advisories/59777 http://secunia.com/advisories/60011 http://secunia.com/advisories/60564 http://www.openwall.com/lists/oss-security/2014/05/29/5 http://www.ubuntu.com/usn/USN-2334-1 http://www.ubuntu.com/usn/USN-2335-1& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-3940 – Kernel: missing check during hugepage migration
https://notcve.org/view.php?id=CVE-2014-3940
The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c. El kernel de Linux hasta 3.14.5 no considera debidamente la presencia de entradas hugetlb, lo que permite a usuarios locales causar una denegación de servicio (corrupción de memoria o caída de sistema) mediante el acceso a ciertas localizaciones de memoria, tal y como fue demostrado mediante el aprovechamiento de una condición de carrera a través de operaciones de lectura numa_maps durante la migración a hugepage, relacionado con fs/proc/task_mmu.c y mm/mempolicy.c. A flaw was found in the way Linux kernel's Transparent Huge Pages (THP) implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugepages. • http://rhn.redhat.com/errata/RHSA-2015-0290.html http://rhn.redhat.com/errata/RHSA-2015-1272.html http://secunia.com/advisories/59011 http://secunia.com/advisories/61310 http://www.openwall.com/lists/oss-security/2014/06/02/5 http://www.securityfocus.com/bid/67786 https://bugzilla.redhat.com/show_bug.cgi?id=1104097 https://lkml.org/lkml/2014/3/18/784 https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html https://access.redhat.com/se • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2013-4345 – kernel: ansi_cprng: off by one error in non-block size request
https://notcve.org/view.php?id=CVE-2013-4345
Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. Error de superación en la función get_prng_bytes en crypto/ansi_cprng.c en el kernel de Linux hasta la versión 3.11.4 hace que sea más fácil para atacantes dependientes del contexto anular mecanismos de protección criptográficos a través de múltiples peticiones por pequeñas cantidades de datos, que conduce a la gestión inadecuada del estado de los datos consumidos. • http://marc.info/?l=linux-crypto-vger&m=137942122902845&w=2 http://rhn.redhat.com/errata/RHSA-2013-1449.html http://rhn.redhat.com/errata/RHSA-2013-1490.html http://rhn.redhat.com/errata/RHSA-2013-1645.html http://www.securityfocus.com/bid/62740 http://www.ubuntu.com/usn/USN-2064-1 http://www.ubuntu.com/usn/USN-2065-1 http://www.ubuntu.com/usn/USN-2068-1 http://www.ubuntu.com/usn/USN-2070-1 http://www.ubuntu.com/usn/USN-2071-1 http:& • CWE-189: Numeric Errors CWE-193: Off-by-one Error •