Local Users Can Exploit Linux Kernel Vulnerability in Auditing System
CVE-2014-3917
Currently unrated
Summary
The vulnerability is in the Linux kernel's auditing subsystem and is present when CONFIG_AUDITSYSCALL is enabled. Local users can exploit it through manipulated syscall numbers, which can expose sensitive single-bit values from kernel memory or trigger a denial of service (OOPS). Adequate bounds checking on the syscall number is what mitigates these risks.
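The summary does not show the affected code. The sketch below is an added example, not the kernel's source: it assumes the syscall number indexes a per-rule bitmask, and the names `struct rule`, `MASK_WORDS`, `in_mask_unchecked`, `in_mask_checked` and `rule_add` are hypothetical. It places the unchecked lookup beside the bounds-checked one.

```c
#include <stdint.h>
#include <stdio.h>

#define MASK_WORDS 64u                  /* assumed size: 64 x 32 bits = 2048 syscalls */
#define MASK_BITS  (MASK_WORDS * 32u)

struct rule {                           /* hypothetical stand-in for one audit rule */
    uint32_t mask[MASK_WORDS];
};

/* Unchecked lookup: a large nr indexes past mask[], so the returned bit comes
 * from whatever memory follows the rule, or the read faults. */
static int in_mask_unchecked(const struct rule *r, unsigned long nr)
{
    return (r->mask[nr / 32] >> (nr % 32)) & 1u;
}

/* Checked lookup: reject any nr the mask cannot describe before indexing. */
static int in_mask_checked(const struct rule *r, unsigned long nr)
{
    if (r == NULL || nr >= MASK_BITS)
        return 0;                       /* out of range: the rule cannot match */
    return (r->mask[nr / 32] >> (nr % 32)) & 1u;
}

/* Mark syscall nr as covered by the rule; out-of-range numbers are ignored. */
static void rule_add(struct rule *r, unsigned long nr)
{
    if (nr < MASK_BITS)
        r->mask[nr / 32] |= (uint32_t)1 << (nr % 32);
}

int main(void)
{
    struct rule r = { {0} };
    /* constructed sample syscall numbers: in range, boundary, and far out of range */
    unsigned long probes[] = { 2, 59, 2047, 2048, 100000, (unsigned long)-1 };

    rule_add(&r, 59);
    rule_add(&r, 2047);
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("nr=%lu checked=%d\n", probes[i], in_mask_checked(&r, probes[i]));
    /* the unchecked form is only called here with an in-range number */
    printf("nr=59 unchecked=%d\n", in_mask_unchecked(&r, 59));
    return 0;
}
```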