Ubuntu: USN-4756-1 Critical: Linux Kernel Denial of Service Issues
debian
January 15, 2015
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks
Topics Covered
Summary
CVE-2013-6885
It was discovered that under specific circumstances, a combination
of write operations to write-combined memory and locked CPU
instructions may cause a core hang on AMD 16h 00h through 0Fh
processors. A local user can use this flaw to mount a denial of
service (system hang) via a crafted application.
For more information please refer to the AMD CPU erratum 793 in
https://www.amd.com/en/search/documentation/hub.html#sortCriteria=%40amd_release_date%20descending&f-amd_archive_status=Active&f-amd_audience=Technical
CVE-2014-8133
It was found that the espfix funcionality can be bypassed by
installing a 16-bit RW data segment into GDT instead of LDT (which
espfix checks for) and using it for stack. A local unprivileged user
could potentially use this flaw to leak kernel stack addresses and
thus allowing to bypass the ASLR protection mechanism.
CVE-2014-9419
It was found that on Linux kernels compiled with the 32 bit
interfaces (CONFIG...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: linux
CVE ID: CVE-2013-6885 CVE-2014-8133 CVE-2014-9419 CVE-2014-9529
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!