CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2014-7826 – kernel: insufficient syscall number validation in perf and ftrace subsystems
https://notcve.org/view.php?id=CVE-2014-7826
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. kernel/trace/trace_syscalls.c en el kernel de Linux hasta 3.17.2 no maneja debidamente los números privados de las llamadas al sistema durante el uso del subsistema ftrace, lo que permite a usuarios locales ganar privilegios o causar una denegación de servicio (referencia a puntero inválido) a través de una aplicación manipulada. An out-of-bounds memory access flaw, CVE-2014-7825, was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system. Additionally, an out-of-bounds memory access flaw, CVE-2014-7826, was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=086ba77a6db00ed858ff07451bedee197df868c9 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://rhn.redhat.com/errata/RHSA-2014-1943.html http://rhn.redhat.com/errata/RHSA-2015-0290.html http://rhn.redhat.com/errata/RHSA-2015-0864.html http://www.openwall.com/lists/oss-security/2014/11/06/11 http:// • CWE-476: NULL Pointer Dereference •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 2CVE-2014-8480
https://notcve.org/view.php?id=CVE-2014-8480
The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 lacks intended decoder-table flags for certain RIP-relative instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application. El decodificador de instrucciones en arch/x86/kvm/emulate.c en el subsistema KVM en el kernel de Linux anterior a 3.18-rc2 le falta indicadores de las tablas del decodificador para ciertas instrucciones relacionados con RIP, lo que permite a usuarios del sistema operativo invitado causar una denegación de servicio (referencia a puntero nulo y caída del sistema operativo anfitrión) a través de una aplicación manipulada. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3f6f1480d86bf9fc16c160d803ab1d006e3058d5 http://thread.gmane.org/gmane.comp.emulators.kvm.devel/128427 http://www.openwall.com/lists/oss-security/2014/10/23/7 http://www.securityfocus.com/bid/70710 https://bugzilla.redhat.com/show_bug.cgi?id=1156615 https://github.com/torvalds/linux/commit/3f6f1480d86bf9fc16c160d803ab1d006e3058d5 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2014-7825 – kernel: insufficient syscall number validation in perf and ftrace subsystems
https://notcve.org/view.php?id=CVE-2014-7825
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application. kernel/trace/trace_syscalls.c en el kernel de Linux hasta 3.17.2 no maneja debidamente los números privados de llamadas al sistema durante el uso del subsistema perf, lo que permite a usuarios locales causar una denegación de servicio (lectura fuera de rango y OOPS) o evadir el mecanismo de protección ASLR a través de una aplicación manipulada. An out-of-bounds memory access flaw, CVE-2014-7825, was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system. Additionally, an out-of-bounds memory access flaw, CVE-2014-7826, was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=086ba77a6db00ed858ff07451bedee197df868c9 http://rhn.redhat.com/errata/RHSA-2014-1943.html http://rhn.redhat.com/errata/RHSA-2015-0290.html http://rhn.redhat.com/errata/RHSA-2015-0864.html http://www.openwall.com/lists/oss-security/2014/11/06/11 http://www.securityfocus.com/bid/70972 https://bugzilla.redhat.com/show_bug.cgi?id=1161565 https://exchange.xforce.ibmcloud.com/vulnerabilities/98557 https:& • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2014-3690 – kernel: kvm: vmx: invalid host cr4 handling across vm entries
https://notcve.org/view.php?id=CVE-2014-3690
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU. arch/x86/kvm/vmx.c en el subsistema KVM en el kernel de Linux anterior a 3.17.2 en los procesadores Intel no asegura que el valor en el registro de control CR4 queda igual después de una entrada VM, lo que permite a usuarios del sistema operativo anfitrión cancelar varios procesos o causar una denegación de servicio (interrupción del sistema) mediante el aprovechamiento del acceso a /dev/kvm, tal y como fue demostrado por llamadas a prctl PR_SET_TSC dentro de una copia modificada de QEMU. It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause a denial of service on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d974baa398f34393db76be45f7d4d04fbdbb4a0a http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://rhn.redhat.com/errata/RHSA-2015-0290.html http://rhn.redhat.com/errata/RHSA&# • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 90%CPEs: 21EXPL: 2CVE-2014-3673 – kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks
https://notcve.org/view.php?id=CVE-2014-3673
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. La implementación SCTP en el kernel de Linux hasta 3.17.2 permite a atacantes remotos causar una denegación de servicio (caída del sistema) a través de un chunk ASCONF malformado, relacionado con net/sctp/sm_make_chunk.c y net/sctp/sm_statefuns.c. A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled malformed Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9de7922bc709eee2f609cd01d98aaedc4cf5ea74 http://linux.oracle.com/errata/ELSA-2014-3087.html http://linux.oracle.com/errata/ELSA-2014-3088.html http://linux.oracle.com/errata/ELSA-2014-3089.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html • CWE-20: Improper Input Validation •