Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-9090

Опубликовано: 23 нояб. 2014
Источник: redhat
CVSS2: 4.9
EPSS Низкий

Описание

The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite.

Отчет

Not vulnerable. This issue did not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise Linux MRG 2 because they do not have support for the x86-64 version of ESPfix functionality.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise MRG 2kernelNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1170691kernel: espfix64: local DoS via do_double_fault() due to improper handling of faults associated with SS segment register

EPSS

Процентиль: 13%
0.00043
Низкий

4.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-9090

ubuntu
больше 10 лет назад

The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite.

nvd логотип

CVE-2014-9090

nvd
больше 10 лет назад

The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite.

debian логотип

CVE-2014-9090

debian
больше 10 лет назад

The do_double_fault function in arch/x86/kernel/traps.c in the Linux k ...

github логотип

GHSA-w7mf-cp8w-3rfq

github
около 3 лет назад

The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite.

oracle-oval логотип

ELSA-2014-3107

oracle-oval
больше 10 лет назад

ELSA-2014-3107: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 13%
0.00043
Низкий

4.9 Medium

CVSS2

Уязвимость CVE-2014-9090