CVE-2014-9644

low

Description

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4943ba16bbc2db05115707b3ff7b4874e9e3c560

http://rhn.redhat.com/errata/RHSA-2016-0068.html

http://www.debian.org/security/2015/dsa-3170

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5

http://www.mandriva.com/security/advisories?name=MDVSA-2015:057

http://www.mandriva.com/security/advisories?name=MDVSA-2015:058

http://www.openwall.com/lists/oss-security/2015/01/24/4

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/72320

http://www.ubuntu.com/usn/USN-2513-1

http://www.ubuntu.com/usn/USN-2514-1

http://www.ubuntu.com/usn/USN-2543-1

http://www.ubuntu.com/usn/USN-2544-1

http://www.ubuntu.com/usn/USN-2545-1

http://www.ubuntu.com/usn/USN-2546-1

https://bugzilla.redhat.com/show_bug.cgi?id=1190546

https://github.com/torvalds/linux/commit/4943ba16bbc2db05115707b3ff7b4874e9e3c560

https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu

Details

Source: MITRE

Published: 2015-03-02

Updated: 2020-05-21

Type: CWE-269

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Tenable Plugins


| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 124985 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1532) | Nessus | Huawei Local Security Checks | high |
| 124809 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1485) | Nessus | Huawei Local Security Checks | high |
| 99163 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW) | Nessus | OracleVM Local Security Checks | critical |
| 90019 | OracleVM 3.2 : kernel-uek (OVMSA-2016-0037) | Nessus | OracleVM Local Security Checks | critical |
| 88571 | RHEL 7 : kernel-rt (RHSA-2015:2411) | Nessus | Red Hat Local Security Checks | medium |
| 88405 | RHEL 6 : MRG (RHSA-2016:0068) | Nessus | Red Hat Local Security Checks | high |
| 87836 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3503) | Nessus | Oracle Linux Local Security Checks | medium |
| 87835 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3502) | Nessus | Oracle Linux Local Security Checks | medium |
| 87559 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20151119) | Nessus | Scientific Linux Local Security Checks | medium |
| 87135 | CentOS 7 : kernel (CESA-2015:2152) | Nessus | CentOS Local Security Checks | high |
| 87090 | Oracle Linux 7 : kernel (ELSA-2015-2152) | Nessus | Oracle Linux Local Security Checks | high |
| 86972 | RHEL 7 : kernel (RHSA-2015:2152) | Nessus | Red Hat Local Security Checks | high |
| 82691 | OracleVM 3.3 : kernel-uek (OVMSA-2015-0040) | Nessus | OracleVM Local Security Checks | high |
| 82073 | Ubuntu 14.10 : linux vulnerabilities (USN-2546-1) | Nessus | Ubuntu Local Security Checks | critical |
| 82072 | Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2545-1) | Nessus | Ubuntu Local Security Checks | critical |
| 82071 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-2544-1) | Nessus | Ubuntu Local Security Checks | high |
| 82070 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2543-1) | Nessus | Ubuntu Local Security Checks | high |
| 81966 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3012) | Nessus | Oracle Linux Local Security Checks | high |
| 81941 | Mandriva Linux Security Advisory : kernel (MDVSA-2015:058) | Nessus | Mandriva Local Security Checks | high |
| 81940 | Mandriva Linux Security Advisory : kernel (MDVSA-2015:057) | Nessus | Mandriva Local Security Checks | medium |
| 81567 | Ubuntu 12.04 LTS : linux vulnerabilities (USN-2513-1) | Nessus | Ubuntu Local Security Checks | medium |
| 81449 | Debian DSA-3170-1 : linux - security update | Nessus | Debian Local Security Checks | critical |