Branch sisyphus update bulletin.

Package kernel-image-std-def updated to version 3.14.17-alt1 for branch sisyphus in task 128797.

Published: 2014-07-17

BDU:2014-00052

Уязвимость операционной системы Linux, позволяющая злоумышленнику получить доступ к защищаемой информации

Severity: MEDIUM (4.9)

References:

CVE-2014-1738

Published: 2014-05-11

BDU:2014-00053

Уязвимость операционной системы Linux, позволяющая злоумышленнику получить доступ к защищаемой информации

Severity: HIGH (7.2)

References:

CVE-2014-1737

Published: 2014-02-28

BDU:2014-00054

Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании, повысить свои привилегии или выполнить произвольный код

Severity: MEDIUM (6.2)

References:

CVE-2014-0069

Published: 2014-03-11

BDU:2014-00055

Severity: HIGH (7.4)

References:

CVE-2014-0049

Published: 2014-05-11

BDU:2014-00060

Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: MEDIUM (4.9)

References:

CVE-2014-3122

Published: 2014-05-11

BDU:2014-00062

Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: MEDIUM (4.9)

References:

CVE-2014-3144

Published: 2014-06-07

BDU:2014-00063

Уязвимость ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании

Severity: HIGH (7.2)

References:

Published: 2014-05-11

BDU:2014-00064

Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: MEDIUM (4.9)

References:

CVE-2014-3145

Published: 2014-01-15

BDU:2014-00065

Уязвимость операционной системы Linux, позволяющая злоумышленнику повысить свои привилегии

References:

CVE-2014-0038

Published: 2014-05-07

BDU:2014-00109

Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании или повысить свои привилегии

References:

CVE-2014-0196

Published: 2014-05-11

BDU:2014-00110

Уязвимость операционной системы Linux, позволяющая злоумышленнику повысить свои привилегии

Severity: HIGH (7.2)

References:

CVE-2014-1737

Published: 2014-05-11

BDU:2014-00111

Уязвимость операционной системы Linux, позволяющая злоумышленнику повысить свои привилегии

Severity: MEDIUM (4.9)

References:

CVE-2014-1738

Published: 2014-05-07

BDU:2014-00333

References:

Published: 2014-05-11

BDU:2014-00334

Severity: HIGH (7.2)

References:

Published: 2014-04-14

BDU:2014-00335

References:

Published: 2014-05-11

BDU:2014-00336

Severity: MEDIUM (4.9)

References:

Published: 2013-01-22

BDU:2015-04307

Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0)

References:

Published: 1970-01-01

BDU:2015-04308

Severity: CRITICAL (10.0)

References:

Published: 1970-01-01

BDU:2015-04309

Severity: CRITICAL (10.0)

References:

Published: 1970-01-01

BDU:2015-04310

Severity: CRITICAL (10.0)

References:

Published: 2014-03-11

BDU:2015-05685

Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05686

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05687

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05688

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05689

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05690

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05691

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05692

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05693

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05694

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05695

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05696

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05697

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05698

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05699

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05700

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05701

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05702

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05703

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05704

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05705

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05706

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05707

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05708

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05709

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05710

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05711

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05712

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05713

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05714

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05715

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05716

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05717

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05718

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05719

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05720

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05721

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05722

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05723

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05724

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05725

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05726

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05727

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05728

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05729

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05730

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05731

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05732

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05733

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05734

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05735

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05736

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05737

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05738

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05739

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05740

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05741

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05742

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05743

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05744

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05745

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05746

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05747

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05748

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05749

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05750

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05751

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05752

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05753

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05754

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05755

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05756

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05757

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05758

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05759

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05760

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05761

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05762

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05763

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05764

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05765

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05766

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05767

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05768

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05769

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05770

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05771

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05772

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05773

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05774

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05775

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05776

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05777

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05778

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05779

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05780

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05781

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05782

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05783

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05784

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05785

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05786

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05787

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05788

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05789

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05790

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05791

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05792

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05793

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05794

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05795

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05796

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05797

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05798

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05799

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05800

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05801

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05802

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05803

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05804

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05805

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05806

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05807

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05808

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05809

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05810

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05811

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05812

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05813

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05814

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05815

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05816

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05817

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05818

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05819

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05820

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05821

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05822

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05823

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05824

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05825

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05826

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05827

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05828

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05829

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05830

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05831

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05832

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05833

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05834

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05835

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05836

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05837

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05838

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05839

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05840

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05841

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05842

Severity: CRITICAL (9.3)

References:

Published: 1970-01-01

BDU:2015-05843

Severity: CRITICAL (9.3)

References:

Published: 2014-06-07

BDU:2015-05900

Уязвимость операционной системы openSUSE, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05901

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05902

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05903

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05904

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05905

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05906

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05907

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05908

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05909

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05910

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05911

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05912

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05913

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05914

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05915

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05916

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05917

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05918

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05919

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05920

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05921

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 1970-01-01

BDU:2015-05922

Severity: HIGH (7.2)

References:

CVE-2014-3153

Published: 2015-03-24

BDU:2015-09845

Уязвимости операционной системы Ubuntu, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.2)

References:

Published: 2017-04-25

BDU:2017-01145

Уязвимость операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.9)

References:

CVE-2017-8106

Published: 2017-05-03

BDU:2017-01159

Уязвимость компонента kernel/events/core.c ядра операционной системы Android, позволяющая нарушителю повысить свои привилегии

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2014-02-07
Modified: 2024-11-21

CVE-2014-0038

The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.

References:

Published: 2014-03-11
Modified: 2024-11-21

CVE-2014-0049

Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancel_work_item data.

Severity: HIGH (7.4)

References:

Published: 2014-02-28
Modified: 2024-11-21

CVE-2014-0069

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.

Severity: HIGH (7.2)

References:

Published: 2014-04-15
Modified: 2024-11-21

CVE-2014-0077

drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.

Severity: MEDIUM (5.5)

References:

Published: 2014-03-11
Modified: 2024-11-21

CVE-2014-0102

The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands.

Severity: MEDIUM (5.2)

References:

Published: 2014-03-24
Modified: 2024-11-21

CVE-2014-0131

Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.

Severity: LOW (2.9)

References:

Published: 2014-04-15
Modified: 2024-11-21

CVE-2014-0155

The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced.

Severity: MEDIUM (5.5)

References:

Published: 2014-04-27
Modified: 2024-11-21

CVE-2014-0181

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.

Severity: LOW (2.1)

References:

Published: 2014-05-07
Modified: 2024-11-21

CVE-2014-0196

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

References:

Published: 2014-05-12
Modified: 2024-11-21

CVE-2014-1737

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.

Severity: HIGH (7.2)

References:

Published: 2014-05-12
Modified: 2024-11-21

CVE-2014-1738

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.

Severity: LOW (2.1)

References:

Published: 2014-06-23
Modified: 2024-11-21

CVE-2014-1739

The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.

Severity: LOW (2.1)

References:

Published: 2014-02-28
Modified: 2024-11-21

CVE-2014-1874

The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.

Severity: MEDIUM (4.9)

References:

Published: 2014-02-28
Modified: 2024-11-21

CVE-2014-2038

The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file.

Severity: LOW (2.1)

References:

Published: 2014-02-28
Modified: 2024-11-21

CVE-2014-2039

arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390 platform does not properly handle attempted use of the linkage stack, which allows local users to cause a denial of service (system crash) by executing a crafted instruction.

Severity: MEDIUM (4.9)

References:

Published: 2014-03-11
Modified: 2024-11-21

CVE-2014-2309

The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.

Severity: MEDIUM (6.1)

References:

Published: 2014-03-24
Modified: 2024-11-21

CVE-2014-2568

Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.

Severity: LOW (2.9)

References:

Published: 2014-04-01
Modified: 2024-11-21

CVE-2014-2673

The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state.

Severity: MEDIUM (4.7)

References:

Published: 2014-04-01
Modified: 2024-11-21

CVE-2014-2678

The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.

Severity: MEDIUM (4.7)

References:

Published: 2014-04-15
Modified: 2024-11-21

CVE-2014-2851

Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.

References:

Published: 2014-05-12
Modified: 2024-11-21

CVE-2014-3122

The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings.

Severity: MEDIUM (4.9)

References:

Published: 2014-05-12
Modified: 2024-11-21

CVE-2014-3144

The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced.

Severity: MEDIUM (4.9)

References:

Published: 2014-05-12
Modified: 2024-11-21

CVE-2014-3145

The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced.

Severity: MEDIUM (4.9)

References:

Published: 2014-06-07
Modified: 2024-11-21

CVE-2014-3153

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2014-06-05
Modified: 2024-11-21

CVE-2014-3917

kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.

Severity: LOW (3.3)

References:

Published: 2014-06-05
Modified: 2024-11-21

CVE-2014-3940

The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c.

Severity: MEDIUM (4.0)

References:

Published: 2014-06-23
Modified: 2024-11-21

CVE-2014-4014

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.

Severity: MEDIUM (6.2)

References:

Published: 2014-06-23
Modified: 2024-11-21

CVE-2014-4027

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.

Severity: LOW (2.3)

References:

Published: 2014-06-23
Modified: 2024-11-21

CVE-2014-4157

arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass intended PR_SET_SECCOMP restrictions by executing a crafted application without invoking a trace or audit subsystem.

Severity: MEDIUM (4.6)

References:

Published: 2014-10-13
Modified: 2024-11-21

CVE-2014-7283

The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or panic) via operations on directories that have hash collisions, as demonstrated by rmdir operations.

Severity: MEDIUM (4.9)

References:

Published: 2014-11-10
Modified: 2024-11-21

CVE-2014-8709

The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets.

Severity: MEDIUM (5.0)

References:

Published: 2015-05-27
Modified: 2024-11-21

CVE-2014-9715

include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.

Severity: MEDIUM (4.9)

References:

Published: 2015-03-16
Modified: 2024-11-21

CVE-2015-0274

The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem access.

Severity: HIGH (7.2)

References:

Published: 2016-05-02
Modified: 2024-11-21

CVE-2015-4170

Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread.

Severity: MEDIUM (4.7) Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2017-05-03
Modified: 2024-11-21

CVE-2015-9004

kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2017-04-25
Modified: 2024-11-21

CVE-2017-8106

The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Package virtualbox updated to version 4.3.14-alt1 for branch sisyphus in task 128920.

Published: 2014-03-31
Modified: 2024-11-21

CVE-2014-0981

VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.

Severity: MEDIUM (4.4)

References:

Published: 2014-03-31
Modified: 2024-11-21

CVE-2014-0983

Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function.

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-2477

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2486.

Severity: LOW (3.6)

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-2486

Severity: LOW (3.0)

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-2488

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via unknown vectors related to Core.

Severity: LOW (1.0)

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-2489

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.

Severity: MEDIUM (4.1)

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-4228

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.

Severity: MEDIUM (4.4)

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-4261

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2487.

References:

Published: 2014-10-16
Modified: 2024-11-21

CVE-2014-6540

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, before 4.2.26, and before 4.3.14 allows local users to affect availability via vectors related to Graphics driver (WDDM) for Windows guests.

Severity: LOW (1.9)

References:

Package kernel-modules-virtualbox-std-def updated to version 4.3.14-alt1.200209.1 for branch sisyphus in task 128920.

Published: 2014-03-31
Modified: 2024-11-21

CVE-2014-0981

Severity: MEDIUM (4.4)

References:

Published: 2014-03-31
Modified: 2024-11-21

CVE-2014-0983

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-2477

Severity: LOW (3.6)

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-2486

Severity: LOW (3.0)

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-2488

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via unknown vectors related to Core.

Severity: LOW (1.0)

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-2489

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.

Severity: MEDIUM (4.1)

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-4228

Severity: MEDIUM (4.4)

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-4261

References:

Published: 2014-10-16
Modified: 2024-11-21

CVE-2014-6540

Severity: LOW (1.9)

References:

Package kernel-modules-virtualbox-addition-std-def updated to version 4.3.14-alt1.200209.1 for branch sisyphus in task 128920.

Published: 2014-03-31
Modified: 2024-11-21

CVE-2014-0981

Severity: MEDIUM (4.4)

References:

Published: 2014-03-31
Modified: 2024-11-21

CVE-2014-0983

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-2477

Severity: LOW (3.6)

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-2486

Severity: LOW (3.0)

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-2488

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via unknown vectors related to Core.

Severity: LOW (1.0)

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-2489

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.

Severity: MEDIUM (4.1)

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-4228

Severity: MEDIUM (4.4)

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-4261

References:

Published: 2014-10-16
Modified: 2024-11-21

CVE-2014-6540

Severity: LOW (1.9)

References:

Package kernel-modules-virtualbox-un-def updated to version 4.3.14-alt1.200705.1 for branch sisyphus in task 128920.

Published: 2014-03-31
Modified: 2024-11-21

CVE-2014-0981

Severity: MEDIUM (4.4)

References:

Published: 2014-03-31
Modified: 2024-11-21

CVE-2014-0983

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-2477

Severity: LOW (3.6)

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-2486

Severity: LOW (3.0)

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-2488

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via unknown vectors related to Core.

Severity: LOW (1.0)

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-2489

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.

Severity: MEDIUM (4.1)

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-4228

Severity: MEDIUM (4.4)

References:

Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-4261

References:

Published: 2014-10-16
Modified: 2024-11-21

CVE-2014-6540

Severity: LOW (1.9)

References:

Version: 2.1.0

ALT-BU-2014-2956-1

Closed vulnerabilities