PT-2014-5376 · Linux+3 · Linux Kernel+3

Martin Schwidefsky

Publicado

2014-08-01

Atualizado

2023-10-03

CVE-2014-3534

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.15.8

Description The issue allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call. This is due to the Linux kernel not properly restricting address-space control operations in PTRACE POKEUSR AREA requests on the s390 platform.

Recommendations For Linux kernel versions prior to 3.15.8, update to version 3.15.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of ptrace system calls to minimize the risk of exploitation.

Exploit

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

ALT-PU-2014-1970

ALT-PU-2015-1794

CESA-2014_1023

CVE-2014-3534

DSA-2992-1

RHSA-2014:1023

RHSA-2014_1023

Produtos afetados

Alt Linux

Centos

Linux Kernel

Red Hat

PT-2014-5376 · Linux+3 · Linux Kernel+3

CVE-2014-3534

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 27