exploitDog

CVE-2014-7826

Published: 07 Nov 2014
Source: redhat
CVSS2: 4

Description

kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application.

An out-of-bounds memory access flaw, CVE-2014-7825, was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system. Additionally, an out-of-bounds memory access flaw, CVE-2014-7826, was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | kernel | Not affected | | |
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2015:0864 | 21.04.2015 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2015:0290 | 05.03.2015 |
| Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2014:1943 | 02.12.2014 |

Additional information

Status:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1161565 (kernel: insufficient syscall number validation in perf and ftrace subsystems)

4 Medium

CVSS2

Related vulnerabilities

CVSS3: 7.8
ubuntu
more than 10 years ago

kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application.

CVSS3: 7.8
nvd
more than 10 years ago

kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application.

CVSS3: 7.8
debian
more than 10 years ago

kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does ...

CVSS3: 7.8
github
about 3 years ago

kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application.

oracle-oval
more than 10 years ago

ELSA-2015-3015: Unbreakable Enterprise kernel security update (IMPORTANT)
