CVE-2014-0038

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2014-0038 at MITRE

Description

The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.89
Vector AV:L/AC:M/Au:N/C:C/I:C/A:C
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Note from the SUSE Security Team

This security issue only affects Linux Kernel 3.4 and newer. openSUSE 12.3 and 13.1 will receive security updates. SUSE Linux Enterprise 12 will be fixed before shipment. SUSE Linux Enterprise 11 and older are not affected.

SUSE Bugzilla entry: 860993 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • kernel-debug >= 3.7.10-1.28.1
  • kernel-debug-base >= 3.7.10-1.28.1
  • kernel-debug-base-debuginfo >= 3.7.10-1.28.1
  • kernel-debug-debuginfo >= 3.7.10-1.28.1
  • kernel-debug-debugsource >= 3.7.10-1.28.1
  • kernel-debug-devel >= 3.7.10-1.28.1
  • kernel-debug-devel-debuginfo >= 3.7.10-1.28.1
  • kernel-default >= 3.7.10-1.28.1
  • kernel-default-base >= 3.7.10-1.28.1
  • kernel-default-base-debuginfo >= 3.7.10-1.28.1
  • kernel-default-debuginfo >= 3.7.10-1.28.1
  • kernel-default-debugsource >= 3.7.10-1.28.1
  • kernel-default-devel >= 3.7.10-1.28.1
  • kernel-default-devel-debuginfo >= 3.7.10-1.28.1
  • kernel-desktop >= 3.7.10-1.28.1
  • kernel-desktop-base >= 3.7.10-1.28.1
  • kernel-desktop-base-debuginfo >= 3.7.10-1.28.1
  • kernel-desktop-debuginfo >= 3.7.10-1.28.1
  • kernel-desktop-debugsource >= 3.7.10-1.28.1
  • kernel-desktop-devel >= 3.7.10-1.28.1
  • kernel-desktop-devel-debuginfo >= 3.7.10-1.28.1
  • kernel-devel >= 3.7.10-1.28.1
  • kernel-docs >= 3.7.10-1.28.2
  • kernel-ec2 >= 3.7.10-1.28.1
  • kernel-ec2-base >= 3.7.10-1.28.1
  • kernel-ec2-base-debuginfo >= 3.7.10-1.28.1
  • kernel-ec2-debuginfo >= 3.7.10-1.28.1
  • kernel-ec2-debugsource >= 3.7.10-1.28.1
  • kernel-ec2-devel >= 3.7.10-1.28.1
  • kernel-ec2-devel-debuginfo >= 3.7.10-1.28.1
  • kernel-pae >= 3.7.10-1.28.1
  • kernel-pae-base >= 3.7.10-1.28.1
  • kernel-pae-base-debuginfo >= 3.7.10-1.28.1
  • kernel-pae-debuginfo >= 3.7.10-1.28.1
  • kernel-pae-debugsource >= 3.7.10-1.28.1
  • kernel-pae-devel >= 3.7.10-1.28.1
  • kernel-pae-devel-debuginfo >= 3.7.10-1.28.1
  • kernel-source >= 3.7.10-1.28.1
  • kernel-source-vanilla >= 3.7.10-1.28.1
  • kernel-syms >= 3.7.10-1.28.1
  • kernel-trace >= 3.7.10-1.28.1
  • kernel-trace-base >= 3.7.10-1.28.1
  • kernel-trace-base-debuginfo >= 3.7.10-1.28.1
  • kernel-trace-debuginfo >= 3.7.10-1.28.1
  • kernel-trace-debugsource >= 3.7.10-1.28.1
  • kernel-trace-devel >= 3.7.10-1.28.1
  • kernel-trace-devel-debuginfo >= 3.7.10-1.28.1
  • kernel-vanilla >= 3.7.10-1.28.1
  • kernel-vanilla-debuginfo >= 3.7.10-1.28.1
  • kernel-vanilla-debugsource >= 3.7.10-1.28.1
  • kernel-vanilla-devel >= 3.7.10-1.28.1
  • kernel-vanilla-devel-debuginfo >= 3.7.10-1.28.1
  • kernel-xen >= 3.7.10-1.28.1
  • kernel-xen-base >= 3.7.10-1.28.1
  • kernel-xen-base-debuginfo >= 3.7.10-1.28.1
  • kernel-xen-debuginfo >= 3.7.10-1.28.1
  • kernel-xen-debugsource >= 3.7.10-1.28.1
  • kernel-xen-devel >= 3.7.10-1.28.1
  • kernel-xen-devel-debuginfo >= 3.7.10-1.28.1
Patchnames:
openSUSE-2014-113
openSUSE 13.1
  • kernel-debug >= 3.11.10-7.1
  • kernel-debug-base >= 3.11.10-7.1
  • kernel-debug-base-debuginfo >= 3.11.10-7.1
  • kernel-debug-debuginfo >= 3.11.10-7.1
  • kernel-debug-debugsource >= 3.11.10-7.1
  • kernel-debug-devel >= 3.11.10-7.1
  • kernel-debug-devel-debuginfo >= 3.11.10-7.1
  • kernel-default >= 3.11.10-7.1
  • kernel-default-base >= 3.11.10-7.1
  • kernel-default-base-debuginfo >= 3.11.10-7.1
  • kernel-default-debuginfo >= 3.11.10-7.1
  • kernel-default-debugsource >= 3.11.10-7.1
  • kernel-default-devel >= 3.11.10-7.1
  • kernel-default-devel-debuginfo >= 3.11.10-7.1
  • kernel-desktop >= 3.11.10-7.1
  • kernel-desktop-base >= 3.11.10-7.1
  • kernel-desktop-base-debuginfo >= 3.11.10-7.1
  • kernel-desktop-debuginfo >= 3.11.10-7.1
  • kernel-desktop-debugsource >= 3.11.10-7.1
  • kernel-desktop-devel >= 3.11.10-7.1
  • kernel-desktop-devel-debuginfo >= 3.11.10-7.1
  • kernel-devel >= 3.11.10-7.1
  • kernel-docs >= 3.11.10-7.3
  • kernel-ec2 >= 3.11.10-7.1
  • kernel-ec2-base >= 3.11.10-7.1
  • kernel-ec2-base-debuginfo >= 3.11.10-7.1
  • kernel-ec2-debuginfo >= 3.11.10-7.1
  • kernel-ec2-debugsource >= 3.11.10-7.1
  • kernel-ec2-devel >= 3.11.10-7.1
  • kernel-ec2-devel-debuginfo >= 3.11.10-7.1
  • kernel-pae >= 3.11.10-7.1
  • kernel-pae-base >= 3.11.10-7.1
  • kernel-pae-base-debuginfo >= 3.11.10-7.1
  • kernel-pae-debuginfo >= 3.11.10-7.1
  • kernel-pae-debugsource >= 3.11.10-7.1
  • kernel-pae-devel >= 3.11.10-7.1
  • kernel-pae-devel-debuginfo >= 3.11.10-7.1
  • kernel-source >= 3.11.10-7.1
  • kernel-source-vanilla >= 3.11.10-7.1
  • kernel-syms >= 3.11.10-7.1
  • kernel-trace >= 3.11.10-7.1
  • kernel-trace-base >= 3.11.10-7.1
  • kernel-trace-base-debuginfo >= 3.11.10-7.1
  • kernel-trace-debuginfo >= 3.11.10-7.1
  • kernel-trace-debugsource >= 3.11.10-7.1
  • kernel-trace-devel >= 3.11.10-7.1
  • kernel-trace-devel-debuginfo >= 3.11.10-7.1
  • kernel-vanilla >= 3.11.10-7.1
  • kernel-vanilla-debuginfo >= 3.11.10-7.1
  • kernel-vanilla-debugsource >= 3.11.10-7.1
  • kernel-vanilla-devel >= 3.11.10-7.1
  • kernel-vanilla-devel-debuginfo >= 3.11.10-7.1
  • kernel-xen >= 3.11.10-7.1
  • kernel-xen-base >= 3.11.10-7.1
  • kernel-xen-base-debuginfo >= 3.11.10-7.1
  • kernel-xen-debuginfo >= 3.11.10-7.1
  • kernel-xen-debugsource >= 3.11.10-7.1
  • kernel-xen-devel >= 3.11.10-7.1
  • kernel-xen-devel-debuginfo >= 3.11.10-7.1
Patchnames:
openSUSE-2014-114