CVE-2014-3917
Advisory lineage Upstream: 0 Downstream: 16
Modified
Published: 05 Jun 2014, 17:00
Last modified: 06 Aug 2024, 10:57
Vulnerability Summary
- Overall Risk (default): low, 13/100
- CVSS Score: 3.3 LOW, v2.0 (nvd)
- EPSS Score: 0.09% LOW
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 05 Jun 2014, 17:00: Published. Vulnerability first disclosed
- 06 Aug 2024, 10:57: Last Modified. Vulnerability information updated
Description
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.
CVSS Metrics
- v2.0 • LOW • Score: 3.3 • AV:L/AC:M/Au:N/C:P/I:N/A:P
EPSS Trends
Current EPSS score: 0.09% • Percentile: 25%
Techniques & Countermeasures
- CWE-200 • Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Affected Systems
- linux•linux_kernel
≤ 3.14.5 | 3.14 | 3.14:rc1 | 3.14:rc2 | 3.14:rc3 | 3.14:rc4 | 3.14:rc5 | 3.14:rc6 | 3.14:rc7 | 3.14:rc8 | 3.14.1 | 3.14.2 | 3.14.3 | 3.14.4
- redhat•enterprise_linux
5 | 6.0
- redhat•enterprise_mrg
2.0
- suse•linux_enterprise_desktop
10.0:sp4
References (11)
- http://article.gmane.org/gmane.linux.kernel/1713179
- http://www.ubuntu.com/usn/USN-2335-1
- http://www.ubuntu.com/usn/USN-2334-1
- http://secunia.com/advisories/60564
- http://secunia.com/advisories/59777
- http://rhn.redhat.com/errata/RHSA-2014-1143.html
- http://secunia.com/advisories/60011
- http://www.openwall.com/lists/oss-security/2014/05/29/5
- https://bugzilla.redhat.com/show_bug.cgi?id=1102571
- http://rhn.redhat.com/errata/RHSA-2014-1281.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html