New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 9.4
Synopsis
The remote Debian host is missing a security-related update.
Description
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation :
- CVE-2014-3144/ CVE-2014-3145 A local user can cause a denial of service (system crash) via crafted BPF instructions.
- CVE-2014-3153 Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.
Solution
Upgrade the linux packages.
For the stable distribution (wheezy), these problems have been fixed in version 3.2.57-3+deb7u2.