LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > LinuxQuestions.org > Linux - News
User Name
Password
Linux - News This forum is for original Linux News. If you'd like to write content for LQ, feel free to contact us.
All threads in the forum need to be approved before they will appear.

Notices

Reply
 
Search this Thread
Old 01-31-2014, 10:09 PM   #1
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,285
Blog Entries: 54

Rep: Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854
CVE-2014-0038: Linux Kernel Remote Memory Corruption Vulnerability


http://seclists.org/oss-sec/2014/q1/187:

Quote:
The impact is a sort of arbitrary kernel write-where-what primitive by unprivileged users where the to-be-written area must contain valid timespec data initially (the first 64 bit long field must be positive
and the second one must be < 1G).

The bug was introduced by commit http://git.kernel.org/linus/ee4fa23c4b (other uses of COMPAT_USE_64BIT_TIME seem fine) and should affect all kernels since 3.4 (and perhaps vendor kernels if they backported x32 support along with this code). Note that CONFIG_X86_X32_ABI gets enabled at build time and only if CONFIG_X86_X32 is enabled and ld can build x32
executables.
http://www.securityfocus.com/bid/65255/info:
Quote:
Linux Kernel 'compat_sys_recvmmsg()' Function Remote Memory Corruption Vulnerability

The Linux Kernel is prone to a remote memory-corruption vulnerability.

A remote attacker can exploit this issue to execute arbitrary code with kernel privileges, corrupt the kernel memory, obtain sensitive information or crash the kernel; resulting in a denial-of-service condition.

Linux kernel 3.4 and above are vulnerable.
http://cve.mitre.org/cgi-bin/cvename...=CVE-2014-0038
 
  


Reply

Tags
cve, kernel, vulnerability


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
CVE-2014-0038: Linux Kernel Remote Memory Corruption Vulnerability unSpawn Linux - Security 1 02-19-2014 01:05 AM
[SOLVED] Mozilla-NSS vulnerability (CVE-2013-1740) gengisdave Slackware 3 01-28-2014 09:19 PM
LXer: Ubuntu: 2014-1: OpenSSH vulnerability LXer Syndicated Linux News 0 11-09-2013 12:03 AM
LXer: Ubuntu: 2014-1: OpenSSH vulnerability LXer Syndicated Linux News 0 11-08-2013 02:30 PM
Patch of vulnerability CVE:2007-5001 nnetala Linux - Newbie 0 06-26-2008 03:27 AM


All times are GMT -5. The time now is 03:29 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration