MEDIUM4.9
Уязвимость операционной системы Linux, позволяющая злоумышленнику получить доступ к защищаемой информации
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:NReferences
ALT-PU-2014-1638-1Package update kernel-image-un-def in branch c7
Severity:
Closed issues (18)
HIGH7.2
Уязвимость операционной системы Linux, позволяющая злоумышленнику получить доступ к защищаемой информации
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CReferences
MEDIUM4.9
Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CReferences
MEDIUM4.9
Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CReferences
MEDIUM6.9
Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании или повысить свои привилегии
CVSS 2.0MEDIUM 6.9
CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:CReferences
HIGH7.2
Уязвимость операционной системы Linux, позволяющая злоумышленнику повысить свои привилегии
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CReferences
MEDIUM4.9
Уязвимость операционной системы Linux, позволяющая злоумышленнику повысить свои привилегии
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:NReferences
MEDIUM6.9
Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании или повысить свои привилегии
CVSS 2.0MEDIUM 6.9
CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:CReferences
HIGH7.2
Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании или повысить свои привилегии
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CReferences
CRITICAL10.0
Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
- CVE-2012-2372
- CVE-2013-2929
- CVE-2013-4299
- CVE-2013-4579
- CVE-2013-6382
- CVE-2013-7339
- CVE-2014-0055
- CVE-2014-0077
- CVE-2014-0101
- CVE-2014-0131
- CVE-2014-0155
- CVE-2014-1444
- CVE-2014-1445
- CVE-2014-1446
- CVE-2014-1874
- CVE-2014-2309
- CVE-2014-2523
- CVE-2014-2678
- CVE-2014-2851
- CVE-2014-3122
- CVE-2014-3144
- CVE-2014-3145
- CVE-2014-3917
- CVE-2014-4652
- CVE-2014-4653
- CVE-2014-4654
- CVE-2014-4655
- CVE-2014-4656
- CVE-2014-4699
CRITICAL10.0
Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
- CVE-2012-2372
- CVE-2013-2929
- CVE-2013-4299
- CVE-2013-4579
- CVE-2013-6382
- CVE-2013-7339
- CVE-2014-0055
- CVE-2014-0077
- CVE-2014-0101
- CVE-2014-0131
- CVE-2014-0155
- CVE-2014-1444
- CVE-2014-1445
- CVE-2014-1446
- CVE-2014-1874
- CVE-2014-2309
- CVE-2014-2523
- CVE-2014-2678
- CVE-2014-2851
- CVE-2014-3122
- CVE-2014-3144
- CVE-2014-3145
- CVE-2014-3917
- CVE-2014-4652
- CVE-2014-4653
- CVE-2014-4654
- CVE-2014-4655
- CVE-2014-4656
- CVE-2014-4699
CRITICAL10.0
Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
- CVE-2012-2372
- CVE-2013-2929
- CVE-2013-4299
- CVE-2013-4579
- CVE-2013-6382
- CVE-2013-7339
- CVE-2014-0055
- CVE-2014-0077
- CVE-2014-0101
- CVE-2014-0131
- CVE-2014-0155
- CVE-2014-1444
- CVE-2014-1445
- CVE-2014-1446
- CVE-2014-1874
- CVE-2014-2309
- CVE-2014-2523
- CVE-2014-2678
- CVE-2014-2851
- CVE-2014-3122
- CVE-2014-3144
- CVE-2014-3145
- CVE-2014-3917
- CVE-2014-4652
- CVE-2014-4653
- CVE-2014-4654
- CVE-2014-4655
- CVE-2014-4656
- CVE-2014-4699
CRITICAL10.0
Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CReferences
- CVE-2012-2372
- CVE-2013-2929
- CVE-2013-4299
- CVE-2013-4579
- CVE-2013-6382
- CVE-2013-7339
- CVE-2014-0055
- CVE-2014-0077
- CVE-2014-0101
- CVE-2014-0131
- CVE-2014-0155
- CVE-2014-1444
- CVE-2014-1445
- CVE-2014-1446
- CVE-2014-1874
- CVE-2014-2309
- CVE-2014-2523
- CVE-2014-2678
- CVE-2014-2851
- CVE-2014-3122
- CVE-2014-3144
- CVE-2014-3145
- CVE-2014-3917
- CVE-2014-4652
- CVE-2014-4653
- CVE-2014-4654
- CVE-2014-4655
- CVE-2014-4656
- CVE-2014-4699
MEDIUM5.5
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
CVSS 2.0MEDIUM 6.9
CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:CCVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HReferences
- http://bugzilla.novell.com/show_bug.cgi?id=875690
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00
- http://linux.oracle.com/errata/ELSA-2014-0771.html
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
- http://pastebin.com/raw.php?i=yTSFUBgZ
- http://rhn.redhat.com/errata/RHSA-2014-0512.html
- http://secunia.com/advisories/59218
- http://secunia.com/advisories/59262
- http://secunia.com/advisories/59599
- http://source.android.com/security/bulletin/2016-07-01.html
- http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html
- http://www.debian.org/security/2014/dsa-2926
- http://www.debian.org/security/2014/dsa-2928
- http://www.exploit-db.com/exploits/33516
- http://www.openwall.com/lists/oss-security/2014/05/05/6
- http://www.osvdb.org/106646
- http://www.ubuntu.com/usn/USN-2196-1
- http://www.ubuntu.com/usn/USN-2197-1
- http://www.ubuntu.com/usn/USN-2198-1
- http://www.ubuntu.com/usn/USN-2199-1
- http://www.ubuntu.com/usn/USN-2200-1
- http://www.ubuntu.com/usn/USN-2201-1
- http://www.ubuntu.com/usn/USN-2202-1
- http://www.ubuntu.com/usn/USN-2203-1
- http://www.ubuntu.com/usn/USN-2204-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1094232
- https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00
- http://bugzilla.novell.com/show_bug.cgi?id=875690
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00
- http://linux.oracle.com/errata/ELSA-2014-0771.html
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
- http://pastebin.com/raw.php?i=yTSFUBgZ
- http://rhn.redhat.com/errata/RHSA-2014-0512.html
- http://secunia.com/advisories/59218
- http://secunia.com/advisories/59262
- http://secunia.com/advisories/59599
- http://source.android.com/security/bulletin/2016-07-01.html
- http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html
- http://www.debian.org/security/2014/dsa-2926
- http://www.debian.org/security/2014/dsa-2928
- http://www.exploit-db.com/exploits/33516
- http://www.openwall.com/lists/oss-security/2014/05/05/6
- http://www.osvdb.org/106646
- http://www.ubuntu.com/usn/USN-2196-1
- http://www.ubuntu.com/usn/USN-2197-1
- http://www.ubuntu.com/usn/USN-2198-1
- http://www.ubuntu.com/usn/USN-2199-1
- http://www.ubuntu.com/usn/USN-2200-1
- http://www.ubuntu.com/usn/USN-2201-1
- http://www.ubuntu.com/usn/USN-2202-1
- http://www.ubuntu.com/usn/USN-2203-1
- http://www.ubuntu.com/usn/USN-2204-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1094232
- https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0196
HIGH7.2
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CReferences
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c
- http://linux.oracle.com/errata/ELSA-2014-0771.html
- http://linux.oracle.com/errata/ELSA-2014-3043.html
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
- http://rhn.redhat.com/errata/RHSA-2014-0800.html
- http://rhn.redhat.com/errata/RHSA-2014-0801.html
- http://secunia.com/advisories/59262
- http://secunia.com/advisories/59309
- http://secunia.com/advisories/59406
- http://secunia.com/advisories/59599
- http://www.debian.org/security/2014/dsa-2926
- http://www.debian.org/security/2014/dsa-2928
- http://www.openwall.com/lists/oss-security/2014/05/09/2
- http://www.securityfocus.com/bid/67300
- http://www.securitytracker.com/id/1030474
- https://bugzilla.redhat.com/show_bug.cgi?id=1094299
- https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c
- http://linux.oracle.com/errata/ELSA-2014-0771.html
- http://linux.oracle.com/errata/ELSA-2014-3043.html
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
- http://rhn.redhat.com/errata/RHSA-2014-0800.html
- http://rhn.redhat.com/errata/RHSA-2014-0801.html
- http://secunia.com/advisories/59262
- http://secunia.com/advisories/59309
- http://secunia.com/advisories/59406
- http://secunia.com/advisories/59599
- http://www.debian.org/security/2014/dsa-2926
- http://www.debian.org/security/2014/dsa-2928
- http://www.openwall.com/lists/oss-security/2014/05/09/2
- http://www.securityfocus.com/bid/67300
- http://www.securitytracker.com/id/1030474
- https://bugzilla.redhat.com/show_bug.cgi?id=1094299
- https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c
LOW2.1
The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NReferences
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2145e15e0557a01b9195d1c7199a1b92cb9be81f
- http://linux.oracle.com/errata/ELSA-2014-0771.html
- http://linux.oracle.com/errata/ELSA-2014-3043.html
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
- http://rhn.redhat.com/errata/RHSA-2014-0800.html
- http://rhn.redhat.com/errata/RHSA-2014-0801.html
- http://secunia.com/advisories/59262
- http://secunia.com/advisories/59309
- http://secunia.com/advisories/59406
- http://secunia.com/advisories/59599
- http://www.debian.org/security/2014/dsa-2926
- http://www.debian.org/security/2014/dsa-2928
- http://www.openwall.com/lists/oss-security/2014/05/09/2
- http://www.securityfocus.com/bid/67302
- http://www.securitytracker.com/id/1030474
- https://bugzilla.redhat.com/show_bug.cgi?id=1094299
- https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2145e15e0557a01b9195d1c7199a1b92cb9be81f
- http://linux.oracle.com/errata/ELSA-2014-0771.html
- http://linux.oracle.com/errata/ELSA-2014-3043.html
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
- http://rhn.redhat.com/errata/RHSA-2014-0800.html
- http://rhn.redhat.com/errata/RHSA-2014-0801.html
- http://secunia.com/advisories/59262
- http://secunia.com/advisories/59309
- http://secunia.com/advisories/59406
- http://secunia.com/advisories/59599
- http://www.debian.org/security/2014/dsa-2926
- http://www.debian.org/security/2014/dsa-2928
- http://www.openwall.com/lists/oss-security/2014/05/09/2
- http://www.securityfocus.com/bid/67302
- http://www.securitytracker.com/id/1030474
- https://bugzilla.redhat.com/show_bug.cgi?id=1094299
- https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f
MEDIUM4.9
The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced.
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CReferences
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=05ab8f2647e4221cbdb3856dd7d32bd5407316b3
- http://linux.oracle.com/errata/ELSA-2014-3052.html
- http://secunia.com/advisories/58990
- http://secunia.com/advisories/59311
- http://secunia.com/advisories/59597
- http://secunia.com/advisories/60613
- http://www.debian.org/security/2014/dsa-2949
- http://www.openwall.com/lists/oss-security/2014/05/09/6
- http://www.securityfocus.com/bid/67309
- http://www.ubuntu.com/usn/USN-2251-1
- http://www.ubuntu.com/usn/USN-2252-1
- http://www.ubuntu.com/usn/USN-2259-1
- http://www.ubuntu.com/usn/USN-2261-1
- http://www.ubuntu.com/usn/USN-2262-1
- http://www.ubuntu.com/usn/USN-2263-1
- http://www.ubuntu.com/usn/USN-2264-1
- https://github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=05ab8f2647e4221cbdb3856dd7d32bd5407316b3
- http://linux.oracle.com/errata/ELSA-2014-3052.html
- http://secunia.com/advisories/58990
- http://secunia.com/advisories/59311
- http://secunia.com/advisories/59597
- http://secunia.com/advisories/60613
- http://www.debian.org/security/2014/dsa-2949
- http://www.openwall.com/lists/oss-security/2014/05/09/6
- http://www.securityfocus.com/bid/67309
- http://www.ubuntu.com/usn/USN-2251-1
- http://www.ubuntu.com/usn/USN-2252-1
- http://www.ubuntu.com/usn/USN-2259-1
- http://www.ubuntu.com/usn/USN-2261-1
- http://www.ubuntu.com/usn/USN-2262-1
- http://www.ubuntu.com/usn/USN-2263-1
- http://www.ubuntu.com/usn/USN-2264-1
- https://github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
MEDIUM4.9
The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced.
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CReferences
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=05ab8f2647e4221cbdb3856dd7d32bd5407316b3
- http://linux.oracle.com/errata/ELSA-2014-3052.html
- http://secunia.com/advisories/58990
- http://secunia.com/advisories/59311
- http://secunia.com/advisories/59597
- http://secunia.com/advisories/60613
- http://www.debian.org/security/2014/dsa-2949
- http://www.openwall.com/lists/oss-security/2014/05/09/6
- http://www.securityfocus.com/bid/67321
- http://www.securitytracker.com/id/1038201
- http://www.ubuntu.com/usn/USN-2251-1
- http://www.ubuntu.com/usn/USN-2252-1
- http://www.ubuntu.com/usn/USN-2259-1
- http://www.ubuntu.com/usn/USN-2261-1
- http://www.ubuntu.com/usn/USN-2262-1
- http://www.ubuntu.com/usn/USN-2263-1
- http://www.ubuntu.com/usn/USN-2264-1
- https://github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
- https://source.android.com/security/bulletin/2017-04-01
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=05ab8f2647e4221cbdb3856dd7d32bd5407316b3
- http://linux.oracle.com/errata/ELSA-2014-3052.html
- http://secunia.com/advisories/58990
- http://secunia.com/advisories/59311
- http://secunia.com/advisories/59597
- http://secunia.com/advisories/60613
- http://www.debian.org/security/2014/dsa-2949
- http://www.openwall.com/lists/oss-security/2014/05/09/6
- http://www.securityfocus.com/bid/67321
- http://www.securitytracker.com/id/1038201
- http://www.ubuntu.com/usn/USN-2251-1
- http://www.ubuntu.com/usn/USN-2252-1
- http://www.ubuntu.com/usn/USN-2259-1
- http://www.ubuntu.com/usn/USN-2261-1
- http://www.ubuntu.com/usn/USN-2262-1
- http://www.ubuntu.com/usn/USN-2263-1
- http://www.ubuntu.com/usn/USN-2264-1
- https://github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
- https://source.android.com/security/bulletin/2017-04-01