CVE-2014-1446

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.12.8 SUSE Linux Enterprise kernel-pae-devel (affected versions not specified) SUSE Linux Enterprise kernel-xen-devel (affected versions not specified) SUSE Linux Enterprise gfs2-kmp-xen (affected versions not specified) SUSE Linux Enterprise kernel-ec2-devel (affected versions not specified)

Description The issue allows local users to obtain sensitive information from kernel memory by leveraging the CAP NET ADMIN capability for an SIOCYAMGCFG ioctl call. Multiple vulnerabilities in SUSE Linux Enterprise packages may lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely.

Recommendations For Linux kernel versions prior to 3.12.8, update to version 3.12.8 or later to resolve the issue. For SUSE Linux Enterprise kernel-pae-devel, kernel-xen-devel, gfs2-kmp-xen, and kernel-ec2-devel, at the moment, there is no information about a newer version that contains a fix for this vulnerability.