CVE-2014-4699

Good to know:

icon

Date: July 9, 2014

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.

Language: C

Severity Score

Severity Score

Weakness Type (CWE)

Race Conditions

CWE-362

Top Fix

icon

Upgrade Version

Upgrade to version 3.15.4

Learn More

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us