CVE-2014-7825

CVSS v3.1 7.8 (High)

CVSS v2.0 7.2 (High)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 24

kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application.

Weaknesses

CWE-125: Out-of-bounds Read

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2014-11-10 11:55:08
(9 years ago)
Updated Date: 2023-02-13 00:42:32
(19 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 2.6.32 version and prior 3.2.65 version	cpe:2.3:o:linux:linux_kernel	>= 2.6.32	< 3.2.65
Linux Kernel from 3.3 version and prior 3.4.106 version	cpe:2.3:o:linux:linux_kernel	>= 3.3	< 3.4.106
Linux Kernel from 3.5 version and prior 3.10.60 version	cpe:2.3:o:linux:linux_kernel	>= 3.5	< 3.10.60
Linux Kernel from 3.11 version and prior 3.12.33 version	cpe:2.3:o:linux:linux_kernel	>= 3.11	< 3.12.33
Linux Kernel from 3.13 version and prior 3.14.24 version	cpe:2.3:o:linux:linux_kernel	>= 3.13	< 3.14.24
Linux Kernel from 3.15 version and prior 3.16.35 version	cpe:2.3:o:linux:linux_kernel	>= 3.15	< 3.16.35
Linux Kernel from 3.17 version and prior 3.17.3 version	cpe:2.3:o:linux:linux_kernel	>= 3.17	< 3.17.3