CVE-2014-4508

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 23-06-2014 01:21

Last modified: - 21-09-2022 08:44

Total changes: - 2

Description

arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:M/Au:N/C:N/I:N/A:C

Low

Attack complexity

Local

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

4.7

Base score

3.4

6.9

Exploitability score

Impact score

Verification logic

Reference

[oss-security] 20140619 CVE request: Another Linux syscall auditing bug-Mailing List, Third Party Advisory
[oss-security] 20140620 Re: CVE request: Another Linux syscall auditing bug-Mailing List, Third Party Advisory
[linux-kernel] 20140616 Re: 3.15: kernel BUG at kernel/auditsc.c:1525!-Third Party Advisory
58964-Third Party Advisory
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.61
60564-Third Party Advisory
USN-2334-1-Third Party Advisory
SUSE-SU-2014:1316-Mailing List, Third Party Advisory
SUSE-SU-2014:1319-Mailing List, Third Party Advisory
openSUSE-SU-2015:0566-Mailing List, Third Party Advisory
68126-Third Party Advisory, VDB Entry
[oss-security] 20201112 CVE-2014-4508-

Keywords

CVE-2014-4508

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2014-4508

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures