
kernel: two vulnerabilities

Package(s): kernel
CVE #(s): CVE-2014-0205 CVE-2014-3535
Created: September 10, 2014
Updated: October 8, 2014
Description: From the Red Hat advisory:

A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation. (CVE-2014-0205)

A NULL pointer dereference flaw was found in the way the Linux kernel's networking implementation handled logging while processing certain invalid packets coming in via a VxLAN interface. A remote attacker could use this flaw to crash the system by sending a specially crafted packet to such an interface. (CVE-2014-3535)

Alerts:
Oracle ELSA-2014-3096 kernel 2014-12-04
Red Hat RHSA-2014:1763-01 kernel 2014-10-30
Red Hat RHSA-2014:1365-01 kernel 2014-10-07
Oracle ELSA-2014-3073 kernel 2014-09-10
Scientific Linux SLSA-2014:1167-1 kernel 2014-09-09
Oracle ELSA-2014-1167 kernel 2014-09-09
CentOS CESA-2014:1167 kernel 2014-09-09
Red Hat RHSA-2014:1167-01 kernel 2014-09-09
Oracle ELSA-2014-1392 kernel 2014-10-21
