PT-2013-6345 · Suse+4 · Suse Linux Enterprise Kernel-Ec2-Devel+8

Matthew Thode

·

Published

1970-01-01

·

Updated

2023-02-13

·

CVE-2014-1874

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.13.4 SUSE Linux Enterprise kernel-pae-devel (affected versions not specified) SUSE Linux Enterprise kernel-xen-devel (affected versions not specified) SUSE Linux Enterprise gfs2-kmp-xen (affected versions not specified) SUSE Linux Enterprise kernel-ec2-devel (affected versions not specified)
Description The issue allows local users to cause a denial of service by leveraging the CAP MAC ADMIN capability to set a zero-length security context. Multiple vulnerabilities in SUSE Linux Enterprise packages may lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely.
Recommendations For Linux kernel versions prior to 3.13.4, update to version 3.13.4 or later to resolve the issue. For SUSE Linux Enterprise kernel-pae-devel, kernel-xen-devel, gfs2-kmp-xen, and kernel-ec2-devel, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2014-1232
ALT-PU-2014-1802
ALT-PU-2014-2064
BDU:2015-04307
BDU:2015-04308
BDU:2015-04309
BDU:2015-04310
CESA-2014_0771
CVE-2014-1874
DSA-2906-1
OPENSUSE-SU-2014_0677-1
OPENSUSE-SU-2014_0678-1
RHSA-2014:0439
RHSA-2014:0771
RHSA-2014_0771
SUSE-RU-2015:0621-1
SUSE-SU-2015:0481-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0652-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
USN-2128-1
USN-2129-1
USN-2133-1
USN-2134-1
USN-2135-1
USN-2136-1
USN-2137-1
USN-2138-1
USN-2139-1
USN-2140-1
USN-2141-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse Linux Enterprise Gfs2-Kmp-Xen
Suse Linux Enterprise Kernel-Ec2-Devel
Suse Linux Enterprise Kernel-Pae-Devel
Suse Linux Enterprise Kernel-Xen-Devel
Suse