All errata/t7/ALT-PU-2014-1645-1
ALT-PU-2014-1645-1

Package update kernel-image-un-def in branch t7

Version3.14.4-alt1
Task#119834
Published2014-05-16
Max severityCRITICAL
Severity:

Closed issues (28)

BDU:2014-00052
MEDIUM4.9

Уязвимость операционной системы Linux, позволяющая злоумышленнику получить доступ к защищаемой информации

Published: 2016-07-05Modified: 2016-11-28
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:N
References
BDU:2014-00053
HIGH7.2

Уязвимость операционной системы Linux, позволяющая злоумышленнику получить доступ к защищаемой информации

Published: 2016-07-05Modified: 2016-11-28
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2014-00060
MEDIUM4.9

Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании

Published: 2016-07-05Modified: 2016-11-28
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
References
BDU:2014-00062
MEDIUM4.9

Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании

Published: 2016-07-05Modified: 2017-06-21
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
References
BDU:2014-00064
MEDIUM4.9

Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании

Published: 2016-07-05Modified: 2016-11-28
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
References
BDU:2014-00109
MEDIUM6.9

Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании или повысить свои привилегии

Published: 2016-07-05Modified: 2026-04-22
CVSS 2.0MEDIUM 6.9
CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:C
References
BDU:2014-00110
HIGH7.2

Уязвимость операционной системы Linux, позволяющая злоумышленнику повысить свои привилегии

Published: 2016-07-05Modified: 2016-11-28
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2014-00111
MEDIUM4.9

Уязвимость операционной системы Linux, позволяющая злоумышленнику повысить свои привилегии

Published: 2016-07-05Modified: 2016-11-28
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:N
References
BDU:2014-00333
MEDIUM6.9

Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании или повысить свои привилегии

Published: 2016-07-05Modified: 2017-06-21
CVSS 2.0MEDIUM 6.9
CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:C
References
BDU:2014-00334
HIGH7.2

Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании или повысить свои привилегии

Published: 2016-07-05Modified: 2016-11-28
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2014-00335
MEDIUM6.9

Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании или повысить свои привилегии

Published: 2016-07-05Modified: 2016-11-28
CVSS 2.0MEDIUM 6.9
CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:C
References
BDU:2014-00336
MEDIUM4.9

Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании или повысить свои привилегии

Published: 2016-07-05Modified: 2016-11-28
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
References
BDU:2015-04307
CRITICAL10.0

Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Published: 2015-04-28Modified: 2026-04-30
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2015-04308
CRITICAL10.0

Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Published: 2015-04-28Modified: 2016-11-28
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2015-04309
CRITICAL10.0

Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Published: 2015-04-28Modified: 2016-11-28
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2015-04310
CRITICAL10.0

Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Published: 2015-04-28Modified: 2016-11-28
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
CVE-2014-0155
MEDIUM5.5

The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced.

Published: 2014-04-14Modified: 2025-04-12
CVSS 2.0MEDIUM 5.5
CVSS:2.0/AV:A/AC:L/Au:S/C:N/I:N/A:C
References
CVE-2014-0181
LOW2.1

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.

Published: 2014-04-27Modified: 2025-04-12
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:P/A:N
References
CVE-2014-0196
MEDIUM5.5

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

Published: 2014-05-07Modified: 2026-04-21
CVSS 2.0MEDIUM 6.9
CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2014-1737
HIGH7.2

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.

Published: 2014-05-11Modified: 2025-04-12
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
References
CVE-2014-1738
LOW2.1

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.

Published: 2014-05-11Modified: 2025-04-12
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N
References
CVE-2014-2678
MEDIUM4.7

The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.

Published: 2014-04-01Modified: 2025-04-12
CVSS 2.0MEDIUM 4.7
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C
References
CVE-2014-2851
MEDIUM6.9

Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.

Published: 2014-04-14Modified: 2025-04-12
CVSS 2.0MEDIUM 6.9
CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:C
References
CVE-2014-3122
MEDIUM4.9

The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings.

Published: 2014-05-11Modified: 2025-04-12
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
References
CVE-2014-3144
MEDIUM4.9

The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced.

Published: 2014-05-11Modified: 2025-04-12
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
References
CVE-2014-3145
MEDIUM4.9

The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced.

Published: 2014-05-11Modified: 2025-04-12
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
References
CVE-2014-4027
LOW2.3

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.

Published: 2014-06-23Modified: 2025-04-12
CVSS 2.0LOW 2.3
CVSS:2.0/AV:A/AC:M/Au:S/C:P/I:N/A:N
References
CVE-2014-7283
MEDIUM4.9

The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or panic) via operations on directories that have hash collisions, as demonstrated by rmdir operations.

Published: 2014-10-13Modified: 2025-04-12
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
References