CVE-2014-2678

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.14 SUSE Linux Enterprise kernel-pae-devel (affected versions not specified) SUSE Linux Enterprise kernel-xen-devel (affected versions not specified) SUSE Linux Enterprise gfs2-kmp-xen (affected versions not specified) SUSE Linux Enterprise kernel-ec2-devel (affected versions not specified)

Description The issue concerns multiple vulnerabilities in the Linux kernel and various SUSE Linux Enterprise packages, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. A specific function, rds iw laddr check, in the Linux kernel through version 3.14, allows local users to cause a denial of service or possibly have other unspecified impacts via a bind system call for an RDS socket on a system lacking RDS transports.

Recommendations For Linux kernel versions prior to 3.14, update to a version 3.14 or later to resolve the issue. For SUSE Linux Enterprise kernel-pae-devel, kernel-xen-devel, gfs2-kmp-xen, and kernel-ec2-devel, at the moment, there is no information about a newer version that contains a fix for this vulnerability.