- Vulnerability/
- USN-2446-1
USN-2446-1: Linux kernel vulnerabilities
First published: Fri Dec 12 2014(Updated: )
Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. (CVE-2014-9322) An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (CVE-2014-8134) Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2014-7826) A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3673) A flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-3687) It was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (CVE-2014-3688) Rabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in how the perf subsystem of the Linux kernel handles private systecall numbers. A local user could exploit this to cause a denial of service (OOPS) or bypass ASLR protections via a crafted application. (CVE-2014-7825) The KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates the number of memory pages during the handling of a mapping failure. A guest OS user could exploit this to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. (CVE-2014-8369) Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-9090)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-3.13.0-43-generic | <3.13.0-43.72 | 3.13.0-43.72 |
| Ubuntu 22.04 LTS | =14.04 | |
| All of | ||
| ubuntu/linux-image-3.13.0-43-generic-lpae | <3.13.0-43.72 | 3.13.0-43.72 |
| Ubuntu 22.04 LTS | =14.04 | |
| All of | ||
| ubuntu/linux-image-3.13.0-43-lowlatency | <3.13.0-43.72 | 3.13.0-43.72 |
| Ubuntu 22.04 LTS | =14.04 | |
| All of | ||
| ubuntu/linux-image-3.13.0-43-powerpc-e500 | <3.13.0-43.72 | 3.13.0-43.72 |
| Ubuntu 22.04 LTS | =14.04 | |
| All of | ||
| ubuntu/linux-image-3.13.0-43-powerpc-e500mc | <3.13.0-43.72 | 3.13.0-43.72 |
| Ubuntu 22.04 LTS | =14.04 | |
| All of | ||
| ubuntu/linux-image-3.13.0-43-powerpc-smp | <3.13.0-43.72 | 3.13.0-43.72 |
| Ubuntu 22.04 LTS | =14.04 | |
| All of | ||
| ubuntu/linux-image-3.13.0-43-powerpc64-emb | <3.13.0-43.72 | 3.13.0-43.72 |
| Ubuntu 22.04 LTS | =14.04 | |
| All of | ||
| ubuntu/linux-image-3.13.0-43-powerpc64-smp | <3.13.0-43.72 | 3.13.0-43.72 |
| Ubuntu 22.04 LTS | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2014-3673
- https://ubuntu.com/security/CVE-2014-3687
- https://ubuntu.com/security/CVE-2014-3688
- https://ubuntu.com/security/CVE-2014-7825
- https://ubuntu.com/security/CVE-2014-7826
- https://ubuntu.com/security/CVE-2014-8134
- https://ubuntu.com/security/CVE-2014-8369
- https://ubuntu.com/security/CVE-2014-9090
- https://ubuntu.com/security/CVE-2014-9322
- https://ubuntu.com/security/notices/USN-2442-1
- https://ubuntu.com/security/notices/USN-2445-1
- https://ubuntu.com/security/notices/USN-2447-1
- https://ubuntu.com/security/notices/USN-2417-1
- https://ubuntu.com/security/notices/USN-2448-1
- https://ubuntu.com/security/notices/USN-2441-1
- https://ubuntu.com/security/notices/USN-2418-1
- https://ubuntu.com/security/notices/USN-2443-1
- https://ubuntu.com/security/notices/USN-2444-1
- https://ubuntu.com/security/notices/USN-2464-1
- https://ubuntu.com/security/notices/USN-2463-1
- https://ubuntu.com/security/notices/USN-2491-1
- https://ubuntu.com/security/notices/USN-2462-1
- https://launchpad.net/ubuntu/+source/linux/3.13.0-43.72
- https://ubuntu.com/security/notices/USN-2446-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-2446-1?
USN-2446-1 has a high severity level due to the potential for privilege escalation by local attackers.
How do I fix USN-2446-1?
To fix USN-2446-1, you should upgrade to version 3.13.0-43.72 or later of the affected Linux kernel packages.
Which systems are affected by USN-2446-1?
USN-2446-1 affects Ubuntu 14.04 systems running specific versions of the Linux kernel.
What vulnerability does USN-2446-1 address?
USN-2446-1 addresses a vulnerability related to improper handling of faults in the Stack Segment register in the x86 architecture.
Is a reboot required to apply the fix for USN-2446-1?
Yes, a reboot is generally required to fully apply the security updates for USN-2446-1.
- agent/references
- agent/severity
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/title
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu 22.04 lts
- version/ubuntu 22.04 lts/14.04