oval:org.mitre.oval:def:27732
Definition Id: oval:org.mitre.oval:def:27732 | |||
Oval ID: | oval:org.mitre.oval:def:27732 | ||
Title: | USN-2445-1 -- Linux kernel (Trusty HWE) vulnerabilities | ||
Description: | An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-8134">CVE-2014-8134</a>) Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7826">CVE-2014-7826</a>) A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3673">CVE-2014-3673</a>) A flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3687">CVE-2014-3687</a>) It was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3688">CVE-2014-3688</a>) Rabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in how the perf subsystem of the Linux kernel handles private systecall numbers. A local user could exploit this to cause a denial of service (OOPS) or bypass ASLR protections via a crafted application. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7825">CVE-2014-7825</a>) The KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates the number of memory pages during the handling of a mapping failure. A guest OS user could exploit this to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-8369">CVE-2014-8369</a>) Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9090">CVE-2014-9090</a>) | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2445-1 CVE-2014-8134 CVE-2014-7826 CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-7825 CVE-2014-8369 CVE-2014-9090 | Version: | 3 |
Platform(s): | Ubuntu 12.04 | Product(s): | linux-lts-trusty |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15824 | |||
Oval ID: | oval:org.mitre.oval:def:15824 | ||
Title: | Ubuntu 12.04 is installed | ||
Description: | Ubuntu 12.04 is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:canonical:ubuntu_linux:12.04 | Version: | 5 |
Platform(s): | Ubuntu 12.04 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:27732 |