3.3 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:N/A:P
0.0004 Low
EPSS
Percentile
5.1%
kernel/auditsc.c in the Linux kernel through 3.14.5, when
CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local
users to obtain potentially sensitive single-bit values from kernel memory
or cause a denial of service (OOPS) via a large value of a syscall number.
Author | Note |
---|---|
jdstrand | android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | linux | < 2.6.32-64.128 | UNKNOWN |
ubuntu | 12.04 | noarch | linux | < 3.2.0-68.102 | UNKNOWN |
ubuntu | 13.10 | noarch | linux | < 3.11.0-26.45 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < 3.13.0-33.58 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1637.54 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-ec2 | < 2.6.32-368.84 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-quantal | < 3.5.0-54.81~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-raring | < 3.8.0-44.66~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-saucy | < 3.11.0-26.45~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-trusty | < 3.13.0-33.58~precise1 | UNKNOWN |
article.gmane.org/gmane.linux.kernel/1713179
launchpad.net/bugs/cve/CVE-2014-3917
nvd.nist.gov/vuln/detail/CVE-2014-3917
security-tracker.debian.org/tracker/CVE-2014-3917
ubuntu.com/security/notices/USN-2281-1
ubuntu.com/security/notices/USN-2282-1
ubuntu.com/security/notices/USN-2285-1
ubuntu.com/security/notices/USN-2286-1
ubuntu.com/security/notices/USN-2287-1
ubuntu.com/security/notices/USN-2289-1
ubuntu.com/security/notices/USN-2313-1
ubuntu.com/security/notices/USN-2314-1
ubuntu.com/security/notices/USN-2334-1
ubuntu.com/security/notices/USN-2335-1
www.cve.org/CVERecord?id=CVE-2014-3917