Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-7825

Опубликовано: 07 нояб. 2014
Источник: redhat
CVSS2: 4

Описание

kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application.

An out-of-bounds memory access flaw, CVE-2014-7825, was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system. Additionally, an out-of-bounds memory access flaw, CVE-2014-7826, was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelFixedRHSA-2015:086421.04.2015
Red Hat Enterprise Linux 7kernelFixedRHSA-2015:029005.03.2015
Red Hat Enterprise MRG 2kernel-rtFixedRHSA-2014:194302.12.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1161565kernel: insufficient syscall number validation in perf and ftrace subsystems

4 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-7825

CVSS3: 7.8
ubuntu
больше 11 лет назад

kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application.

nvd логотип

CVE-2014-7825

CVSS3: 7.8
nvd
больше 11 лет назад

kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application.

debian логотип

CVE-2014-7825

CVSS3: 7.8
debian
больше 11 лет назад

kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does ...

github логотип

GHSA-p667-8g7r-xghf

CVSS3: 7.8
github
почти 4 года назад

kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application.

oracle-oval логотип

ELSA-2015-3015

oracle-oval
около 11 лет назад

ELSA-2015-3015: Unbreakable Enterprise kernel security update (IMPORTANT)

4 Medium

CVSS2