
Multiple Vulnerabilities in Linux Kernel

 

Systems Affected


Linux kernel prior to 3.14.1
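A first-pass check of a host against the affected range stated above (Linux kernel prior to 3.14.1), added here as an example and not part of the original advisory. The function names and status labels are illustrative assumptions. Distribution kernels often backport fixes without changing the upstream version number, so a match means the vendor's advisory for these CVEs should be checked, not that the host is confirmed vulnerable.

```shell
#!/bin/sh
# Added example: compare a kernel release string with the advisory's
# threshold. Function names and status labels are illustrative.

FIXED_VERSION="3.14.1"   # from "Systems Affected": prior to 3.14.1

# Reduce a release such as "3.13.0-24-generic" to "3 13 0".
# Missing components count as 0; unparsable input exits with status 1.
kernel_triplet() (        # subshell body keeps the IFS change local
    base=${1%%[!0-9.]*}   # cut at the first char that is not a digit or dot
    case $base in ''|.*|*..*) exit 1 ;; esac
    IFS=.
    set -- $base
    echo "${1:-0} ${2:-0} ${3:-0}"
)

# Return 0 if release $1 is older than version $2, 1 if not, 2 if unparsable.
kernel_older_than() {
    a=$(kernel_triplet "$1") || return 2
    b=$(kernel_triplet "$2") || return 2
    set -- $a $b          # $1-$3: release, $4-$6: threshold
    [ "$1" -lt "$4" ] && return 0; [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0; [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# Print a status label for a release string (default: the running kernel).
advisory_status() {
    rc=0
    kernel_older_than "${1:-$(uname -r)}" "$FIXED_VERSION" || rc=$?
    case $rc in
        0) echo "AFFECTED-RANGE" ;;   # upstream version below the threshold
        1) echo "NOT-IN-RANGE" ;;
        *) echo "UNPARSED" ;;         # release string not understood
    esac
}

# Report for the running host.
echo "$(uname -r): $(advisory_status "$(uname -r)")"
```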

Threat Level

Overview


Two vulnerabilities have been reported in the Linux kernel that could allow a local attacker to gain privileges or cause denial of service conditions.


Description


1. Privilege Escalation Vulnerability (CVE-2014-2851)
This vulnerability exists in the ping_init_sock() function in net/ipv4/ping.c in the Linux kernel due to improper handling of the group_info struct reference counter. A local attacker could exploit this vulnerability through a crafted application by leveraging an improperly managed reference counter. Successful exploitation could allow the attacker to gain privileges or cause denial of service conditions.

2. Denial of Service Vulnerability (CVE-2014-0155)
This vulnerability exists in the ioapic_deliver() function in virt/kvm/ioapic.c in the Linux kernel due to improper validation of the kvm_irq_delivery_to_apic return value. A local attacker in a guest virtual machine could exploit this vulnerability via a crafted entry in the redirection table to cause a denial of service condition.


Impact



Solution/ Workarounds


  ✻  Update to the latest version of Mozilla's Firefox on Windows, Linux and Mac.


References


http://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2014-0076


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.