SB2014102311 - Fedora 21 update for kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2014102311

SB2014102311 - Fedora 21 update for kernel

Published: October 23, 2014 Updated: April 24, 2025

Security Bulletin ID SB2014102311
Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Resource management error (CVE-ID: CVE-2014-3673)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.


2) Resource management error (CVE-ID: CVE-2014-3690)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.


3) Resource management error (CVE-ID: CVE-2014-3687)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.


4) Resource management error (CVE-ID: CVE-2014-3688)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c.


Remediation

Install update from vendor's website.

References