Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Multiple Vulnerabilities in Linux Kernel

 

Systems Affected


Linux kernel prior to 3.14.1

Threat Level

Overview


Two vulnerabilities have been reported in Linux kernel which could allow a local attacker to gain privileges or cause denial of service conditions.


Description


1. Privilege Escalation Vulnerability (CVE-2014-2851 ) This vulnerability exists in the ping_init_sock() function in net/ipv4/ping.c in the Linux kernel due to improper handling of the group_info struct reference counter. A local attacker could exploit this vulnerability through a crafted application by leveraging an improperly managed reference counter. Successful exploitation could allow the attacker to gain privileges or cause denial of service conditions.

2. Denial of Service Vulnerability (CVE-2014-0155 )
This vulnerability exists in the ioapic_deliver() function in virt/kvm/ioapic.c in the Linux kernel due to improper validation of the kvm_irq_delivery_to_apic return value. A local attacker in a guest virtual machine could exploit this vulnerability via a crafted entry in the redirection table to cause a denial of service condition.


Impact



Solution/ Workarounds


Apply appropriate patches as mentioned in the following links

https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac
http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=5678de3f15010b9022ee45673f33bcfc71d47b60


References


http://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2014-0076


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.