PT-2014-5376 · Linux+3 · Linux Kernel+3

Martin Schwidefsky

Published

2014-08-01

Updated

2023-10-03

CVE-2014-3534

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.15.8

Description The issue allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call. This is due to the Linux kernel not properly restricting address-space control operations in PTRACE POKEUSR AREA requests on the s390 platform.

Recommendations For Linux kernel versions prior to 3.15.8, update to version 3.15.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of ptrace system calls to minimize the risk of exploitation.

Exploit

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

ALT-PU-2014-1970

ALT-PU-2015-1794

CESA-2014_1023

CVE-2014-3534

DSA-2992-1

RHSA-2014:1023

RHSA-2014_1023

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

PT-2014-5376 · Linux+3 · Linux Kernel+3

CVE-2014-3534

Weakness Enumeration

Related Identifiers

Affected Products

References · 27