Описание
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.
Отчет
This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2014:0924 | 23.07.2014 |
| Red Hat Enterprise Linux 6.2 Advanced Update Support | kernel | Fixed | RHSA-2014:0949 | 28.07.2014 |
| Red Hat Enterprise Linux 6.4 Extended Update Support | kernel | Fixed | RHSA-2014:0925 | 23.07.2014 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2014:0923 | 23.07.2014 |
| Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2014:0913 | 22.07.2014 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.9 Medium
CVSS2
Связанные уязвимости
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
The Linux kernel before 3.15.4 on Intel processors does not properly r ...
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
Уязвимость операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
EPSS
6.9 Medium
CVSS2