CVE-2014-7826
kernel: insufficient syscall number validation in perf and ftrace subsystems
Public Exploits: 1
Exploited in Wild: -
Descriptions
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application.
An out-of-bounds memory access flaw, CVE-2014-7825, was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system. Additionally, an out-of-bounds memory access flaw, CVE-2014-7826, was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges.
USN-2448-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression, TCP throughput drops to zero for several drivers after upgrading. This update fixes the problem. An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, and Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). A flaw in the handling of malformed ASCONF chunks by the SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. Various other issues were also addressed.
Timeline
- 2014-10-03 CVE Reserved
- 2014-11-10 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
References (12)
URL | Tag | Source |
---|---|---|
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=086ba77a6db00ed858ff07451bedee197df868c9 | X_refsource_confirm | |
http://www.securityfocus.com/bid/70971 | Third Party Advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/98556 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/torvalds/linux/commit/086ba77a6db00ed858ff07451bedee197df868c9 | 2024-08-06 |
URL | Date | SRC |
---|---|---|
http://www.openwall.com/lists/oss-security/2014/11/06/11 | 2023-02-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1161565 | 2015-04-21 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | >= 2.6.32 < 3.2.65 | - | Affected |
Linux | Linux Kernel | >= 3.3 < 3.4.106 | - | Affected |
Linux | Linux Kernel | >= 3.5 < 3.10.60 | - | Affected |
Linux | Linux Kernel | >= 3.11 < 3.12.33 | - | Affected |
Linux | Linux Kernel | >= 3.13 < 3.14.24 | - | Affected |
Linux | Linux Kernel | >= 3.15 < 3.16.35 | - | Affected |
Linux | Linux Kernel | >= 3.17 < 3.17.3 | - | Affected |
Opensuse | Evergreen | 11.4 | - | Affected |
Suse | Suse Linux Enterprise Server | 11 | sp2, ltss | Affected |