Main Vulnerability Database Exploits ID:4060 - Exploit for Race condition in Linux kernel - CVE-2014-4699

ID:4060 - Exploit for Race condition in Linux kernel - CVE-2014-4699

Published: August 11, 2020

Vulnerability identifier: #VU41492

Vulnerability risk: High

CVE-ID: CVE-2014-4699

CWE-ID: CWE-362

Exploitation vector: Remote access

Vulnerable software:
Linux kernel

Link to public exploit:

https://www.exploit-db.com/exploits/34134/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.

Remediation

Install update from vendor's website.

ID:4060 - Exploit for Race condition in Linux kernel - CVE-2014-4699

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human