CVE-2014-3917

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 05-06-2014 07:55

Last modified: - 21-09-2022 08:44

Total changes: - 3

Description

kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:M/Au:N/C:P/I:N/A:P

Low

Attack complexity

Local

Attack vector

Low

Availability

Low

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

3.3

Base score

3.4

4.9

Exploitability score

Impact score

Verification logic

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1102571
[linux-kernel] 20140528 [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking-
[oss-security] 20140529 Re: CVE request: Linux kernel DoS with syscall auditing-
60011-
59777-
60564-
RHSA-2014:1143-
USN-2334-1-
USN-2335-1-
RHSA-2014:1281-
SUSE-SU-2015:0812-

Keywords

CVE-2014-3917

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2014-3917

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures