First published: Fri Dec 12 2014
Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. (CVE-2014-9322)

An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (CVE-2014-8134)

Rabin Vincent, Robert Swiecki, and Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2014-7826)

Rabin Vincent, Robert Swiecki, and Russell King discovered a flaw in how the perf subsystem of the Linux kernel handles private syscall numbers. A local user could exploit this to cause a denial of service (OOPS) or bypass ASLR protections via a crafted application. (CVE-2014-7825)

A null pointer dereference flaw was discovered in the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841)

A stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (CVE-2014-8884)

Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-9090)

Affected Software | Affected Version | How to fix |
---|---|---|
All of | | |
ubuntu/linux-image-3.2.0-74-highbank | <3.2.0-74.109 | 3.2.0-74.109 |
Ubuntu 22.04 LTS | =12.04 | |
All of | | |
ubuntu/linux-image-3.2.0-74-generic-pae | <3.2.0-74.109 | 3.2.0-74.109 |
Ubuntu 22.04 LTS | =12.04 | |
All of | | |
ubuntu/linux-image-3.2.0-74-powerpc64-smp | <3.2.0-74.109 | 3.2.0-74.109 |
Ubuntu 22.04 LTS | =12.04 | |
All of | | |
ubuntu/linux-image-3.2.0-74-omap | <3.2.0-74.109 | 3.2.0-74.109 |
Ubuntu 22.04 LTS | =12.04 | |
All of | | |
ubuntu/linux-image-3.2.0-74-generic | <3.2.0-74.109 | 3.2.0-74.109 |
Ubuntu 22.04 LTS | =12.04 | |
All of | | |
ubuntu/linux-image-3.2.0-74-powerpc-smp | <3.2.0-74.109 | 3.2.0-74.109 |
Ubuntu 22.04 LTS | =12.04 | |
All of | | |
ubuntu/linux-image-3.2.0-74-virtual | <3.2.0-74.109 | 3.2.0-74.109 |
Ubuntu 22.04 LTS | =12.04 | |

The vulnerability identified in USN-2443-1 is of high severity as it allows local attackers to gain administrative privileges.
To fix USN-2443-1, upgrade the Linux kernel to version 3.2.0-74.109 or later on Ubuntu 12.04.
USN-2443-1 affects Ubuntu 12.04 with specific Linux kernel versions including 3.2.0-74-highbank, 3.2.0-74-generic, and others.
No, USN-2443-1 requires local access to the system for exploitation.
The CVE associated with USN-2443-1 is CVE-2014-9322.