Vulnerability CVE-2014-3917: Information

Description

kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.

Severity: LOW (3.3)

URL: https://nvd.nist.gov/vuln/detail/CVE-2014-3917
Published: June 5, 2014
Modified: July 15, 2021
Error type identifier: CWE-200

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
kernel-image-std-defsisyphus3.14.17-alt16.1.89-alt1ALT-PU-2014-2064-1128797Fixed
kernel-image-std-defp103.14.17-alt15.10.213-alt1ALT-PU-2014-2064-1128797Fixed
kernel-image-std-defp93.14.17-alt15.4.274-alt1ALT-PU-2014-2064-1128797Fixed
kernel-image-std-defc9f23.14.17-alt15.10.214-alt0.c9f.2ALT-PU-2014-2064-1128797Fixed
kernel-image-std-defc73.14.18-alt14.4.277-alt0.M70C.1ALT-PU-2014-2116-1129349Fixed
kernel-image-un-defsisyphus3.14.6-alt16.6.29-alt1ALT-PU-2014-1765-1121106Fixed
kernel-image-un-defp103.14.6-alt16.1.85-alt1ALT-PU-2014-1765-1121106Fixed
kernel-image-un-defp93.14.6-alt15.10.215-alt1ALT-PU-2014-1765-1121106Fixed
kernel-image-un-defc10f13.14.6-alt16.1.85-alt0.c10f.1ALT-PU-2014-1765-1121106Fixed
kernel-image-un-defc9f23.14.6-alt15.10.29-alt2ALT-PU-2014-1765-1121106Fixed
kernel-image-un-defc73.14.7-alt14.9.277-alt0.M70C.1ALT-PU-2014-1785-1121538Fixed
usbipsisyphus5.10-alt15.10-alt1ALT-PU-2023-1798-1320453Fixed
usbipsisyphus_e2k5.10-alt15.10-alt1ALT-PU-2023-7452-1-Fixed
usbipp105.10-alt15.10-alt1ALT-PU-2023-1903-1320461Fixed
usbipp10_e2k5.10-alt15.10-alt1ALT-PU-2023-7498-1-Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1102571
    [linux-kernel] 20140528 [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking
      [oss-security] 20140529 Re: CVE request: Linux kernel DoS with syscall auditing
        60011
          59777
            60564
              RHSA-2014:1143
                USN-2334-1
                  USN-2335-1
                    RHSA-2014:1281
                      SUSE-SU-2015:0812

                          1. Configuration 1

                            cpe:2.3:o:suse:linux_enterprise_desktop:10.0:sp4:*:*:lts:*:*:*

                            Configuration 2

                            cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
                            cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
                            cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*

                            Configuration 3

                            cpe:2.3:o:linux:linux_kernel:3.14:rc3:*:*:*:*:*:*
                            cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
                            End including
                            3.14.5
                            cpe:2.3:o:linux:linux_kernel:3.14.3:*:*:*:*:*:*:*
                            cpe:2.3:o:linux:linux_kernel:3.14.1:*:*:*:*:*:*:*
                            cpe:2.3:o:linux:linux_kernel:3.14:rc7:*:*:*:*:*:*
                            cpe:2.3:o:linux:linux_kernel:3.14:rc1:*:*:*:*:*:*
                            cpe:2.3:o:linux:linux_kernel:3.14:rc8:*:*:*:*:*:*
                            cpe:2.3:o:linux:linux_kernel:3.14:rc2:*:*:*:*:*:*
                            cpe:2.3:o:linux:linux_kernel:3.14.2:*:*:*:*:*:*:*
                            cpe:2.3:o:linux:linux_kernel:3.14:rc6:*:*:*:*:*:*
                            cpe:2.3:o:linux:linux_kernel:3.14:-:*:*:*:*:*:*
                            cpe:2.3:o:linux:linux_kernel:3.14.4:*:*:*:*:*:*:*
                            cpe:2.3:o:linux:linux_kernel:3.14:rc5:*:*:*:*:*:*
                            cpe:2.3:o:linux:linux_kernel:3.14:rc4:*:*:*:*:*:*
                        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                        Version: v24.4.2
                        Back to top