CVE-2014-3917
Published: Jun 5, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Tag |
|---|---|---|
| [linux-kernel] 20140528 [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking | mailing-list | x_refsource_MLIST |
| USN-2335-1 | vendor-advisory | x_refsource_UBUNTU |
| USN-2334-1 | vendor-advisory | x_refsource_UBUNTU |
| 60564 | third-party-advisory | x_refsource_SECUNIA |
| 59777 | third-party-advisory | x_refsource_SECUNIA |
| RHSA-2014:1143 | vendor-advisory | x_refsource_REDHAT |
| 60011 | third-party-advisory | x_refsource_SECUNIA |
| [oss-security] 20140529 Re: CVE request: Linux kernel DoS with syscall auditing | mailing-list | x_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=1102571 | | x_refsource_CONFIRM |
| RHSA-2014:1281 | vendor-advisory | x_refsource_REDHAT |
| SUSE-SU-2015:0812 | vendor-advisory | x_refsource_SUSE |