CVE-2014-4699
published 2014-07-09

Priority: P432, medium, 6.9 (CVSS 2.0)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 2.32% (81.3th percentile)

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.

Affected

16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| debian | debian_linux | | |
| debian | linux | < linux 3.14.10-1 (bookworm) | linux 3.14.10-1 (bookworm) |
| linux | linux_kernel | >= 0 < 3.14.10-1 | 3.14.10-1 |
| linux | linux_kernel | >= 0 < 3.14.10-1 | 3.14.10-1 |
| linux | linux_kernel | >= 0 < 3.14.10-1 | 3.14.10-1 |
| linux | linux_kernel | >= 0 < 3.14.10-1 | 3.14.10-1 |
| linux | linux_kernel | >= 2.6.17 < 3.2.61 | 3.2.61 |
| linux | linux_kernel | >= 3.11 < 3.12.25 | 3.12.25 |
| linux | linux_kernel | >= 3.13 < 3.14.11 | 3.14.11 |
| linux | linux_kernel | >= 3.15 < 3.15.4 | 3.15.4 |
| linux | linux_kernel | >= 3.3 < 3.4.97 | 3.4.97 |
| linux | linux_kernel | >= 3.5 < 3.10.47 | 3.10.47 |

CVSS provenance

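| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| osv | | 6.9 | MEDIUM | |
| vendor_debian | | 6.9 | MEDIUM | |
| vendor_redhat | | 6.9 | MEDIUM | |
| vendor_ubuntu | | 2.9 | LOW | |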