Vulnerability & Exploit Database

Displaying entries 1 - 10 of 29 in total

Results for: CVE-2014-1874

RHSA-2014:0771: kernel security and bug fix update Vulnerability

  • Severity: 7
  • Published: June 07, 2014

The kernel packages contain the Linux kernel, the core of any Linux operating system. Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system. Red Hat would like to thank Kees Cook of Google for reporting CVE-2014-3153, Matthew Daley...

ELSA-2014-0771 Important: Oracle Linux kernel security and bug fix update Vulnerability

  • Severity: 7
  • Published: June 07, 2014

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

ELSA-2014-3043 Important: Oracle Linux unbreakable enterprise kernel security update Vulnerability

  • Severity: 7
  • Published: May 11, 2014

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.

ELSA-2014-3042 Important: Oracle Linux unbreakable enterprise kernel security update Vulnerability

  • Severity: 7
  • Published: May 11, 2014

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.

ELSA-2014-1392 Important: Oracle Linux kernel security, bug fix, and enhancement update Vulnerability

  • Severity: 10
  • Published: March 24, 2014

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.

DSA-2906-1 linux-2.6 -- privilege escalation/denial of service/information leak Vulnerability

  • Severity: 10
  • Published: March 24, 2014

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.

USN-2140-1: Linux kernel vulnerabilities Vulnerability

  • Severity: 4
  • Published: February 28, 2014

The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.

USN-2137-1: Linux kernel (Saucy HWE) vulnerabilities Vulnerability

  • Severity: 4
  • Published: February 28, 2014

The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.

SUSE: CVE-2014-1874: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: February 28, 2014

The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.

CentOS: CVE-2014-1874: CESA-2014:0771 (kernel) Vulnerability

  • Severity: 4
  • Published: February 28, 2014

The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.