SB2014051605 - SUSE Linux update for Linux Kernel
Published: May 16, 2014 Updated: May 12, 2023
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Race condition (CVE-ID: CVE-2014-0196)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-1737)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-1738)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.
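Both floppy issues above depend on write access to a floppy device node. The following added example (not part of the original bulletin or of any vendor tooling) lists floppy block devices under /dev and reports which accounts can write to them. It assumes the standard Linux floppy block major number 2 and looks only at classic mode bits, not POSIX ACLs. The names `classify_node` and `scan_dev` are hypothetical.

```python
import os
import stat

FLOPPY_MAJOR = 2  # assumption: standard Linux block major for the floppy driver


def classify_node(path, st_mode, st_rdev, uid, gid):
    """Return a finding for a floppy block device node, or None for anything else."""
    if not stat.S_ISBLK(st_mode) or os.major(st_rdev) != FLOPPY_MAJOR:
        return None
    mode = stat.S_IMODE(st_mode)
    writers = []
    if mode & stat.S_IWUSR:
        writers.append(f"uid {uid}")
    if mode & stat.S_IWGRP:
        writers.append(f"gid {gid}")
    if mode & stat.S_IWOTH:
        writers.append("everyone")
    # Exposed: some non-root principal holds write access, the precondition
    # named in the CVE-2014-1737 and CVE-2014-1738 descriptions.
    exposed = bool(
        mode & stat.S_IWOTH
        or (mode & stat.S_IWGRP and gid != 0)
        or (mode & stat.S_IWUSR and uid != 0)
    )
    return {"path": path, "mode": oct(mode), "writers": writers, "exposed": exposed}


def scan_dev(dev_dir="/dev"):
    """Collect findings for every floppy device node directly under dev_dir."""
    findings = []
    for entry in os.scandir(dev_dir):
        try:
            st = os.lstat(entry.path)  # lstat: do not follow symlinks such as /dev/fd
        except OSError:
            continue
        finding = classify_node(entry.path, st.st_mode, st.st_rdev, st.st_uid, st.st_gid)
        if finding:
            findings.append(finding)
    return sorted(findings, key=lambda f: f["path"])


if __name__ == "__main__":
    results = scan_dev()
    if not results:
        print("no floppy device nodes found")
    for f in results:
        status = "EXPOSED" if f["exposed"] else "root-only"
        print(f'{f["path"]} mode={f["mode"]} writers={", ".join(f["writers"])} [{status}]')
```

On an unpatched host, an exposed node can be tightened with permissions or the floppy module left unloaded until the vendor kernel update is installed.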
Remediation
Install the update from the vendor's website.