CVE-2014-4699

medium

Description

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a

http://linux.oracle.com/errata/ELSA-2014-0924.html

http://linux.oracle.com/errata/ELSA-2014-3047.html

http://linux.oracle.com/errata/ELSA-2014-3048.html

http://openwall.com/lists/oss-security/2014/07/05/4

http://openwall.com/lists/oss-security/2014/07/08/16

http://openwall.com/lists/oss-security/2014/07/08/5

http://packetstormsecurity.com/files/127573/Linux-Kernel-ptrace-sysret-Local-Privilege-Escalation.html

http://secunia.com/advisories/59633

http://secunia.com/advisories/59639

http://secunia.com/advisories/59654

http://secunia.com/advisories/60220

http://secunia.com/advisories/60380

http://secunia.com/advisories/60393

http://www.debian.org/security/2014/dsa-2972

http://www.exploit-db.com/exploits/34134

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.4

http://www.openwall.com/lists/oss-security/2014/07/04/4

http://www.osvdb.org/108754

http://www.ubuntu.com/usn/USN-2266-1

http://www.ubuntu.com/usn/USN-2267-1

http://www.ubuntu.com/usn/USN-2268-1

http://www.ubuntu.com/usn/USN-2269-1

http://www.ubuntu.com/usn/USN-2270-1

http://www.ubuntu.com/usn/USN-2271-1

http://www.ubuntu.com/usn/USN-2272-1

http://www.ubuntu.com/usn/USN-2273-1

http://www.ubuntu.com/usn/USN-2274-1

https://bugzilla.redhat.com/show_bug.cgi?id=1115927

https://github.com/torvalds/linux/commit/b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a

https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.47

https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.11

https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.97

Details

Source: MITRE

Published: 2014-07-09

Updated: 2020-08-14

Type: CWE-362

Risk Information

CVSS v2

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 124977 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1524) | Nessus | Huawei Local Security Checks | high |
| 124805 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1481) | Nessus | Huawei Local Security Checks | high |
| 99163 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW) | Nessus | OracleVM Local Security Checks | critical |
| 83640 | SUSE SLES11 Security Update : kernel (SUSE-SU-2014:1138-1) | Nessus | SuSE Local Security Checks | medium |
| 83633 | SUSE SLES11 Security Update : kernel (SUSE-SU-2014:1105-1) | Nessus | SuSE Local Security Checks | high |
| 81800 | Oracle Linux 7 : kernel (ELSA-2015-0290) | Nessus | Oracle Linux Local Security Checks | high |
| 79111 | RHEL 6 : kernel (RHSA-2014:0925) | Nessus | Red Hat Local Security Checks | medium |
| 79037 | RHEL 6 : kernel (RHSA-2014:0949) | Nessus | Red Hat Local Security Checks | medium |
| 77355 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3070) | Nessus | Oracle Linux Local Security Checks | high |
| 77177 | openSUSE Security Update : kernel (openSUSE-SU-2014:0985-1) | Nessus | SuSE Local Security Checks | high |
| 77074 | Mandriva Linux Security Advisory : kernel (MDVSA-2014:155) | Nessus | Mandriva Local Security Checks | medium |
| 76988 | openSUSE Security Update : kernel (openSUSE-SU-2014:0957-1) | Nessus | SuSE Local Security Checks | medium |
| 76906 | RHEL 7 : kernel (RHSA-2014:0923) | Nessus | Red Hat Local Security Checks | medium |
| 76851 | Fedora 19 : kernel-3.14.13-100.fc19 (2014-8487) | Nessus | Fedora Local Security Checks | medium |
| 76838 | CentOS 6 : kernel (CESA-2014:0924) | Nessus | CentOS Local Security Checks | medium |
| 76837 | CentOS 7 : kernel (CESA-2014:0923) | Nessus | CentOS Local Security Checks | medium |
| 76783 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20140723) | Nessus | Scientific Linux Local Security Checks | medium |
| 76781 | Oracle Linux 7 : unbreakable enterprise kernel (ELSA-2014-3049) | Nessus | Oracle Linux Local Security Checks | high |
| 76750 | RHEL 6 : kernel (RHSA-2014:0924) | Nessus | Red Hat Local Security Checks | medium |
| 76747 | Oracle Linux 6 : kernel (ELSA-2014-0924) | Nessus | Oracle Linux Local Security Checks | medium |
| 76746 | Oracle Linux 7 : kernel (ELSA-2014-0923) | Nessus | Oracle Linux Local Security Checks | medium |
| 76696 | RHEL 6 : kernel-rt (RHSA-2014:0913) | Nessus | Red Hat Local Security Checks | high |
| 76603 | Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3048) | Nessus | Oracle Linux Local Security Checks | medium |
| 76602 | Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3047) | Nessus | Oracle Linux Local Security Checks | medium |
| 76601 | Oracle Linux 6 : unbreakable enterprise kernel (ELSA-2014-3046) | Nessus | Oracle Linux Local Security Checks | high |
| 76557 | SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9488 / 9491 / 9493) | Nessus | SuSE Local Security Checks | critical |
| 76468 | Fedora 20 : kernel-3.15.4-200.fc20 (2014-8171) | Nessus | Fedora Local Security Checks | medium |
| 76387 | Debian DSA-2972-1 : linux - security update | Nessus | Debian Local Security Checks | medium |
| 76386 | Ubuntu 14.04 LTS : linux vulnerability (USN-2274-1) | Nessus | Ubuntu Local Security Checks | medium |
| 76385 | Ubuntu 13.10 : linux vulnerability (USN-2273-1) | Nessus | Ubuntu Local Security Checks | medium |
| 76384 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerability (USN-2272-1) | Nessus | Ubuntu Local Security Checks | medium |
| 76383 | Ubuntu 12.04 LTS : linux-lts-saucy vulnerability (USN-2271-1) | Nessus | Ubuntu Local Security Checks | medium |
| 76382 | Ubuntu 12.04 LTS : linux-lts-raring vulnerability (USN-2270-1) | Nessus | Ubuntu Local Security Checks | medium |
| 76381 | Ubuntu 12.04 LTS : linux-lts-quantal vulnerability (USN-2269-1) | Nessus | Ubuntu Local Security Checks | medium |
| 76380 | Ubuntu 12.04 LTS : linux vulnerability (USN-2268-1) | Nessus | Ubuntu Local Security Checks | medium |
| 76379 | Ubuntu 10.04 LTS : linux-ec2 vulnerability (USN-2267-1) | Nessus | Ubuntu Local Security Checks | medium |
| 76378 | Ubuntu 10.04 LTS : linux vulnerability (USN-2266-1) | Nessus | Ubuntu Local Security Checks | medium |