PT-2013-6343 · Linux+2 · Linux Kernel+3

Prasad Pandit · Published 1970-01-01 · Updated 2017-08-29 · CVE-2014-1445

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SUSE Linux Enterprise kernel-pae-devel (affected versions not specified)
SUSE Linux Enterprise kernel-xen-devel (affected versions not specified)
SUSE Linux Enterprise gfs2-kmp-xen (affected versions not specified)
Linux kernel versions prior to 3.11.7
SUSE Linux Enterprise kernel-ec2-devel (affected versions not specified)

Description

The issue concerns multiple vulnerabilities in several packages of the SUSE Linux Enterprise operating system: kernel-pae-devel, kernel-xen-devel, gfs2-kmp-xen, and kernel-ec2-devel. These vulnerabilities can be exploited remotely and may lead to a breach of the confidentiality, integrity, and availability of protected information. In addition, a specific vulnerability in the Linux kernel before version 3.11.7 allows local users to obtain sensitive information from kernel memory via an ioctl call to the wanxl_ioctl function in drivers/net/wan/wanxl.c.

Recommendations

For SUSE Linux Enterprise kernel-pae-devel, consider disabling the vulnerable components until a patch is available.
For SUSE Linux Enterprise kernel-xen-devel, restrict access to the vulnerable modules to minimize the risk of exploitation.
For SUSE Linux Enterprise gfs2-kmp-xen, avoid using the vulnerable functions until the issue is resolved.
For Linux kernel versions prior to 3.11.7, update to version 3.11.7 or later to resolve the issue.
For SUSE Linux Enterprise kernel-ec2-devel, consider disabling the vulnerable components until a patch is available.

At the moment, there is no information about a newer version that contains a fix for the SUSE Linux Enterprise kernel-pae-devel, kernel-xen-devel, gfs2-kmp-xen, and kernel-ec2-devel vulnerabilities.

Related Identifiers

ALT-PU-2013-1053
ALT-PU-2014-1422
BDU:2015-04307
BDU:2015-04308
BDU:2015-04309
BDU:2015-04310
CVE-2014-1445
DSA-2906-1
OPENSUSE-SU-2014_0677-1
SUSE-RU-2015:0621-1
SUSE-SU-2015:0481-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0652-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
USN-2040-1
USN-2042-1
USN-2049-1
USN-2050-1
USN-2066-1
USN-2067-1
USN-2069-1
USN-2128-1
USN-2129-1

Affected Products

Alt Linux
Linux Kernel
Suse Linux Enterprise
Suse