CVE-2014-3534

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 01-08-2014 01:13

Last modified: - 21-09-2022 08:44

Total changes: - 2

Description

arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:L/Au:N/C:C/I:C/A:C

Low

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

7.2

Base score

3.9

10.0

Exploitability score

Impact score

Verification logic

Reference

https://github.com/torvalds/linux/commit/dab6cf55f81a6e16b8147aed9a843e1691dcd318
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8
https://bugzilla.redhat.com/show_bug.cgi?id=1114089
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dab6cf55f81a6e16b8147aed9a843e1691dcd318
DSA-2992-Third Party Advisory
1030683-Third Party Advisory, VDB Entry
68940-Third Party Advisory, VDB Entry
109546-Broken Link
60351-Third Party Advisory
59790-Third Party Advisory
linux-cve20143534-priv-esc(95069)-Third Party Advisory, VDB Entry

Keywords

CVE-2014-3534

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2014-3534

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures