Computer Security
[EN] securityvulns.ru no-pyccku


Linux kernel multiple security vulnerabilities
Published:18.01.2015
Source:
SecurityVulns ID:14217
Type:library
Threat Level:
8/10
Description:Protection bypass, privilege escalation, DoS.
Affected:LINUX : kernel 3.18
CVE:CVE-2014-9588
 CVE-2014-9585 (The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.)
 CVE-2014-9529 (Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.)
 CVE-2014-9420 (The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.)
 CVE-2014-9419 (The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.)
 CVE-2014-9322 (arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.)
 CVE-2014-8133 (arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value.)
 CVE-2013-6885 (The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue.)
Original documentdocumentMANDRIVA, [ MDVSA-2015:027 ] kernel (18.01.2015)

libvirt / qemu DoS
Published:18.01.2015
Source:
SecurityVulns ID:14218
Type:library
Threat Level:
5/10
Description:Deadlocks.
Affected:LIBVIRT : libvirt 1.2
CVE:CVE-2014-8136 (The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.)
Original documentdocumentMANDRIVA, [ MDVSA-2015:023 ] libvirt (18.01.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod