CVE-2014-1874

Description

The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.

CVSS Metrics

• v2.0•MEDIUM•Score: 4.9AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.06%• Percentile: 18%

Techniques & Countermeasures

• CWE-20•Improper Input Validation

  The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Systems

• canonical•ubuntu_linux

  10.04 | 12.04 | 12.10 | 13.10

• linux•linux_kernel

  < 3.13.4

• suse•linux_enterprise_server

  10:sp4

References (23)

• http://www.ubuntu.com/usn/USN-2135-1
• http://www.ubuntu.com/usn/USN-2138-1
• http://www.ubuntu.com/usn/USN-2137-1
• http://www.ubuntu.com/usn/USN-2141-1
• http://www.ubuntu.com/usn/USN-2129-1
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2172fa709ab32ca60e86179dc67d0857be8e2c98
• http://www.ubuntu.com/usn/USN-2136-1
• http://www.ubuntu.com/usn/USN-2128-1
• http://www.ubuntu.com/usn/USN-2140-1
• http://www.openwall.com/lists/oss-security/2014/02/07/2
• http://secunia.com/advisories/59262
• https://bugzilla.redhat.com/show_bug.cgi?id=1062356
• http://www.ubuntu.com/usn/USN-2139-1
• http://secunia.com/advisories/59309
• http://secunia.com/advisories/59406
• http://www.ubuntu.com/usn/USN-2134-1
• http://www.securityfocus.com/bid/65459
• http://linux.oracle.com/errata/ELSA-2014-0771.html
• http://www.ubuntu.com/usn/USN-2133-1
• https://github.com/torvalds/linux/commit/2172fa709ab32ca60e86179dc67d0857be8e2c98
• http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.4
• http://linux.oracle.com/errata/ELSA-2014-3043.html
• http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html