CVE-2014-3917

CWE-200 — Information Exposure CWE-119 — Buffer Overflow18 documents8 sources

Severity

3.3LOW

EPSS

0.1%

top 74.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Redhat Enterprise Linux Redhat Enterprise MRG +1 more

Timeline

PublishedJun 5

Latest updateMay 13

Description

kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.

CVSS vector

AV:L/AC:M/C:P/I:N/A:PExploitability: 3.4 | Impact: 4.9

Affected Packages4 packages

▶NVDlinux/linux_kernel3.14.5+5

▶Debianlinux< 3.14.7-1+3

▶NVDsuse/linux_enterprise_desktop10.0

▶NVDredhat/enterprise_mrg2.0

Also affects: Enterprise Linux 5, 6.0

🔴Vulnerability Details

GHSA

GHSA-qjxx-j28r-gvj2: kernel/auditsc↗2022-05-13

▶

OSV

CVE-2014-3917: kernel/auditsc↗2014-06-05

▶

CVEList

CVE-2014-3917: kernel/auditsc↗2014-06-05

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2014-09-02

▶

Ubuntu

Linux kernel vulnerabilities↗2014-09-02

▶

Ubuntu

Linux kernel vulnerability↗2014-08-13

▶

Ubuntu

Linux kernel (Trusty HWE) vulnerability↗2014-08-13

▶

Ubuntu

Linux kernel (Quantal HWE) vulnerabilities↗2014-07-17

▶

💬Community

Bugzilla

CVE-2014-3917 kernel: DoS with syscall auditing↗2014-05-29

▶

Bugzilla

CVE-2014-3917 kernel: DoS with syscall auditing [fedora-all]↗2014-05-29

▶