PT-2014-1803 · Canonical · Acpi-Support

Jonathan Davies

Published

2014-07-22

Updated

2017-01-07

CVE-2014-1419

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions acpi-support versions prior to 0.142

Description A race condition in the power policy functions of acpi-support allows local users to gain privileges. Multiple vulnerabilities in the acpi-support package may lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited by a local attacker.

Recommendations For versions prior to 0.142, update to version 0.142 or later to resolve the issue. As a temporary workaround, consider restricting access to the power policy functions in policy-funcs to minimize the risk of exploitation.

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

BDU:2015-04136

CVE-2014-1419

DLA-30-1

DSA-2984-1

USN-2297-1

Affected Products

Acpi-Support

PT-2014-1803 · Canonical · Acpi-Support

CVE-2014-1419

Weakness Enumeration

Related Identifiers

Affected Products

References · 15