[USN-2334-1] Linux kernel vulnerabilities
Several security issues were fixed in the kernel.
An flaw was discovered in the Linux kernel's audit subsystem when auditing
certain syscalls. A local attacker could exploit this flaw to obtain
potentially sensitive single-bit values from kernel memory or cause a
denial of service (OOPS). (CVE-2014-3917)
An information leak was discovered in the rd_mcp backend of the iSCSI
target subsystem in the Linux kernel. A local user could exploit this flaw
to obtain sensitive information from ramdisk_mcp memory by leveraging
access to a SCSI initiator. (CVE-2014-4027)
Sasha Levin reported an issue with the Linux kernel's shared memory
subsystem when used with range notifications and hole punching. A local
user could exploit this flaw to cause a denial of service. (CVE-2014-4171)
Toralf Förster reported an error in the Linux kernels syscall auditing on
32 bit x86 platforms. A local user could exploit this flaw to cause a
denial of service (OOPS and system crash). (CVE-2014-4508)
An information leak was discovered in the control implemenation of the
Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A
local user could exploit this flaw to obtain sensitive information from
kernel memory. (CVE-2014-4652)
A use-after-free flaw was discovered in the Advanced Linux Sound
Architecture (ALSA) control implementation of the Linux kernel. A local
user could exploit this flaw to cause a denial of service (system crash).
(CVE-2014-4653)
A authorization bug was discovered with the snd_ctl_elem_add function of
the Advanced Linux Sound Architecture (ALSA) in the Linux kernel. A local
user could exploit his bug to cause a denial of service (remove kernel
controls). (CVE-2014-4654)
A flaw discovered in how the snd_ctl_elem function of the Advanced Linux
Sound Architecture (ALSA) handled a reference count. A local user could
exploit this flaw to cause a denial of service (integer overflow and limit
bypass). (CVE-2014-4655)
An integer overflow flaw was discovered in the control implementation of
the Advanced Linux Sound Architecture (ALSA). A local user could exploit
this flaw to cause a denial of service (system crash). (CVE-2014-4656)
An integer underflow flaw was discovered in the Linux kernel's handling of
the backlog value for certain SCTP packets. A remote attacker could exploit
this flaw to cause a denial of service (socket outage) via a crafted SCTP
packet. (CVE-2014-4667)
Jason Gunthorpe reported a flaw with SCTP authentication in the Linux
kernel. A remote attacker could exploit this flaw to cause a denial of
service (NULL pointer dereference and OOPS). (CVE-2014-5077)
- ID
- USN-2334-1
- Severity
- high
- Severity from
- CVE-2014-5077
- URL
- https://ubuntu.com/security/notices/USN-2334-1
- Published
-
2014-09-02T17:49:52
(10 years ago) - Modified
-
2014-09-02T17:49:52
(10 years ago) - Other Advisories
-
- ALAS-2014-368
- DSA-2992-1
- ELSA-2014-1023
- ELSA-2014-1143
- ELSA-2014-1167
- ELSA-2014-1281
- ELSA-2014-1392
- ELSA-2014-1724
- ELSA-2014-1971
- ELSA-2014-3067
- ELSA-2014-3068
- ELSA-2014-3069
- ELSA-2014-3072
- ELSA-2014-3073
- ELSA-2014-3074
- ELSA-2014-3081
- ELSA-2014-3082
- ELSA-2014-3083
- ELSA-2014-3096
- ELSA-2014-3103
- ELSA-2014-3104
- ELSA-2014-3105
- ELSA-2015-0087
- ELSA-2015-0102
- ELSA-2015-1272
- ELSA-2020-5934
- ELSA-2020-5936
- FEDORA-2014-11008
- FEDORA-2014-11031
- FEDORA-2014-13020
- FEDORA-2014-13045
- FEDORA-2014-13558
- FEDORA-2014-13773
- FEDORA-2014-14068
- FEDORA-2014-15200
- FEDORA-2014-16632
- FEDORA-2014-17244
- FEDORA-2014-17283
- FEDORA-2014-7033
- FEDORA-2014-7128
- FEDORA-2014-7320
- FEDORA-2014-7426
- FEDORA-2014-7430
- FEDORA-2014-7863
- FEDORA-2014-8171
- FEDORA-2014-8487
- FEDORA-2014-8519
- FEDORA-2014-9010
- FEDORA-2014-9142
- FEDORA-2014-9449
- FEDORA-2014-9466
- FEDORA-2014-9959
- FEDORA-2015-0515
- FEDORA-2015-1672
- FEDORA-2015-3594
- FEDORA-2015-5024
- FEDORA-2015-6294
- FEDORA-2015-8518
- RHSA-2014:1023
- RHSA-2014:1167
- RHSA-2014:1281
- RHSA-2014:1392
- RHSA-2014:1724
- RHSA-2014:1971
- RHSA-2015:0087
- RHSA-2015:0102
- RHSA-2015:1272
- SUSE-SU-2015:0481-1
- SUSE-SU-2015:0581-1
- SUSE-SU-2015:0652-1
- SUSE-SU-2015:0736-1
- SUSE-SU-2015:1174-1
- SUSE-SU-2015:1376-1
- USN-2281-1
- USN-2282-1
- USN-2285-1
- USN-2286-1
- USN-2287-1
- USN-2289-1
- USN-2313-1
- USN-2314-1
- USN-2332-1
- USN-2333-1
- USN-2335-1
- USN-2336-1
- USN-2337-1
- USN-2358-1
- USN-2359-1
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |