Vulnerability-Lookup

CVE-2014-1438 (GCVE-0-2014-1438)

Vulnerability from cvelistv5 – Published: 2014-01-18 22:00 – Updated: 2024-08-06 09:42

Summary

The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.ubuntu.com/usn/USN-2135-1	vendor-advisoryx_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2138-1	vendor-advisoryx_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2113-1	vendor-advisoryx_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2141-1	vendor-advisoryx_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1052914	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2014/01/14/1	mailing-listx_refsource_MLIST
	http://www.ubuntu.com/usn/USN-2136-1	vendor-advisoryx_refsource_UBUNTU
	http://www.securityfocus.com/bid/64781	vdb-entryx_refsource_BID
	http://www.ubuntu.com/usn/USN-2139-1	vendor-advisoryx_refsource_UBUNTU
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://git.kernel.org/?p=linux/kernel/git/torvald…	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2134-1	vendor-advisoryx_refsource_UBUNTU
	http://www.kernel.org/pub/linux/kernel/v3.x/Chang…	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.ubuntu.com/usn/USN-2117-1	vendor-advisoryx_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/26bef131…	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2133-1	vendor-advisoryx_refsource_UBUNTU
	http://www.securitytracker.com/id/1029592	vdb-entryx_refsource_SECTRACK
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	https://lkml.org/lkml/2014/1/9/637	mailing-listx_refsource_MLIST
	http://www.halfdog.net/Security/2013/Vm86SyscallT…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:42:35.486Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2135-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2135-1"
          },
          {
            "name": "USN-2138-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2138-1"
          },
          {
            "name": "USN-2113-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2113-1"
          },
          {
            "name": "USN-2141-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2141-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052914"
          },
          {
            "name": "[oss-security] 20140114 Re: Linux kernel: missing CPU-state sanitation during task-switch causes DOS / privilege escalation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/01/14/1"
          },
          {
            "name": "USN-2136-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2136-1"
          },
          {
            "name": "64781",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/64781"
          },
          {
            "name": "USN-2139-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2139-1"
          },
          {
            "name": "FEDORA-2014-1062",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126874.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26bef1318adc1b3a530ecc807ef99346db2aa8b0"
          },
          {
            "name": "USN-2134-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2134-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8"
          },
          {
            "name": "MDVSA-2014:038",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:038"
          },
          {
            "name": "USN-2117-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2117-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/26bef1318adc1b3a530ecc807ef99346db2aa8b0"
          },
          {
            "name": "USN-2133-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2133-1"
          },
          {
            "name": "1029592",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029592"
          },
          {
            "name": "FEDORA-2014-1072",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126858.html"
          },
          {
            "name": "[linux-kernel] 20140110 Re: Sanitize CPU-state when switching tasks (was sanitize CPU-state when switching from virtual-8086 mode to other task)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lkml.org/lkml/2014/1/9/637"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-03-10T11:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-2135-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2135-1"
        },
        {
          "name": "USN-2138-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2138-1"
        },
        {
          "name": "USN-2113-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2113-1"
        },
        {
          "name": "USN-2141-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2141-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052914"
        },
        {
          "name": "[oss-security] 20140114 Re: Linux kernel: missing CPU-state sanitation during task-switch causes DOS / privilege escalation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/01/14/1"
        },
        {
          "name": "USN-2136-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2136-1"
        },
        {
          "name": "64781",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/64781"
        },
        {
          "name": "USN-2139-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2139-1"
        },
        {
          "name": "FEDORA-2014-1062",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126874.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26bef1318adc1b3a530ecc807ef99346db2aa8b0"
        },
        {
          "name": "USN-2134-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2134-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8"
        },
        {
          "name": "MDVSA-2014:038",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:038"
        },
        {
          "name": "USN-2117-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2117-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/26bef1318adc1b3a530ecc807ef99346db2aa8b0"
        },
        {
          "name": "USN-2133-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2133-1"
        },
        {
          "name": "1029592",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029592"
        },
        {
          "name": "FEDORA-2014-1072",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126858.html"
        },
        {
          "name": "[linux-kernel] 20140110 Re: Sanitize CPU-state when switching tasks (was sanitize CPU-state when switching from virtual-8086 mode to other task)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lkml.org/lkml/2014/1/9/637"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-1438",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-2135-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2135-1"
            },
            {
              "name": "USN-2138-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2138-1"
            },
            {
              "name": "USN-2113-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2113-1"
            },
            {
              "name": "USN-2141-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2141-1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1052914",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052914"
            },
            {
              "name": "[oss-security] 20140114 Re: Linux kernel: missing CPU-state sanitation during task-switch causes DOS / privilege escalation",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/01/14/1"
            },
            {
              "name": "USN-2136-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2136-1"
            },
            {
              "name": "64781",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/64781"
            },
            {
              "name": "USN-2139-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2139-1"
            },
            {
              "name": "FEDORA-2014-1062",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126874.html"
            },
            {
              "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26bef1318adc1b3a530ecc807ef99346db2aa8b0",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26bef1318adc1b3a530ecc807ef99346db2aa8b0"
            },
            {
              "name": "USN-2134-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2134-1"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8"
            },
            {
              "name": "MDVSA-2014:038",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:038"
            },
            {
              "name": "USN-2117-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2117-1"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/26bef1318adc1b3a530ecc807ef99346db2aa8b0",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/26bef1318adc1b3a530ecc807ef99346db2aa8b0"
            },
            {
              "name": "USN-2133-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2133-1"
            },
            {
              "name": "1029592",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029592"
            },
            {
              "name": "FEDORA-2014-1072",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126858.html"
            },
            {
              "name": "[linux-kernel] 20140110 Re: Sanitize CPU-state when switching tasks (was sanitize CPU-state when switching from virtual-8086 mode to other task)",
              "refsource": "MLIST",
              "url": "https://lkml.org/lkml/2014/1/9/637"
            },
            {
              "name": "http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/",
              "refsource": "MISC",
              "url": "http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-1438",
    "datePublished": "2014-01-18T22:00:00.000Z",
    "dateReserved": "2014-01-13T00:00:00.000Z",
    "dateUpdated": "2024-08-06T09:42:35.486Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2014-1438

Vulnerability from fkie_nvd - Published: 2014-01-18 22:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26bef1318adc1b3a530ecc807ef99346db2aa8b0
	cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126858.html
	cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126874.html
	cve@mitre.org	http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/
	cve@mitre.org	http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8
	cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2014:038
	cve@mitre.org	http://www.openwall.com/lists/oss-security/2014/01/14/1
	cve@mitre.org	http://www.securityfocus.com/bid/64781
	cve@mitre.org	http://www.securitytracker.com/id/1029592
	cve@mitre.org	http://www.ubuntu.com/usn/USN-2113-1
	cve@mitre.org	http://www.ubuntu.com/usn/USN-2117-1
	cve@mitre.org	http://www.ubuntu.com/usn/USN-2133-1
	cve@mitre.org	http://www.ubuntu.com/usn/USN-2134-1
	cve@mitre.org	http://www.ubuntu.com/usn/USN-2135-1
	cve@mitre.org	http://www.ubuntu.com/usn/USN-2136-1
	cve@mitre.org	http://www.ubuntu.com/usn/USN-2138-1
	cve@mitre.org	http://www.ubuntu.com/usn/USN-2139-1
	cve@mitre.org	http://www.ubuntu.com/usn/USN-2141-1
	cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=1052914
	cve@mitre.org	https://github.com/torvalds/linux/commit/26bef1318adc1b3a530ecc807ef99346db2aa8b0
	cve@mitre.org	https://lkml.org/lkml/2014/1/9/637
	af854a3a-2127-422b-91ae-364da2661108	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26bef1318adc1b3a530ecc807ef99346db2aa8b0
	af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126858.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126874.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/
	af854a3a-2127-422b-91ae-364da2661108	http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2014:038
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2014/01/14/1
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/64781
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1029592
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2113-1
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2117-1
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2133-1
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2134-1
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2135-1
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2136-1
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2138-1
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2139-1
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2141-1
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1052914
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/torvalds/linux/commit/26bef1318adc1b3a530ecc807ef99346db2aa8b0
	af854a3a-2127-422b-91ae-364da2661108	https://lkml.org/lkml/2014/1/9/637

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	3.12
linux	linux_kernel	3.12.1
linux	linux_kernel	3.12.2
linux	linux_kernel	3.12.3
linux	linux_kernel	3.12.4
linux	linux_kernel	3.12.5
linux	linux_kernel	3.12.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "22BA3594-3370-4F0A-974A-0FC2FFB50BA5",
              "versionEndIncluding": "3.12.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B291154A-4B91-4A0E-AAAE-716A8BB7BF99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D835FBA1-49DE-4184-BEC8-7ED2B3F7B0BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "080BD3C9-0606-4D9A-B7AE-3DF9F75B8FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCDF0F11-3DB4-41F6-B6D3-383857884258",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FB1772A-F4AA-4AB8-9FC9-10993A6A5B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB5B4D7-C79C-448E-B0D4-A6A9C440F49C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.12.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C9A32A2-C1EC-4463-B21F-79E6592C5339",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n restore_fpu_checking en arch/x86/include/asm/fpu-internal.h en el kernel Linux anteriores a 3.12.8 en las plataformas AMD K7 y K8 no limpia las excepciones pendientes antes de proceder a una instrucci\u00f3n EMMS, lo cual permite a usuarios locales causar una denegaci\u00f3n de servicio (task kill) o posiblemente obtener privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada."
    }
  ],
  "id": "CVE-2014-1438",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.7,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-01-18T22:55:03.210",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26bef1318adc1b3a530ecc807ef99346db2aa8b0"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126858.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126874.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:038"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/01/14/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/64781"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1029592"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2113-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2117-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2133-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2134-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2135-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2136-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2138-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2139-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2141-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052914"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/torvalds/linux/commit/26bef1318adc1b3a530ecc807ef99346db2aa8b0"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lkml.org/lkml/2014/1/9/637"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26bef1318adc1b3a530ecc807ef99346db2aa8b0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126858.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126874.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/01/14/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/64781"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029592"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2113-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2117-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2133-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2134-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2135-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2136-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2138-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2139-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2141-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052914"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/torvalds/linux/commit/26bef1318adc1b3a530ecc807ef99346db2aa8b0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lkml.org/lkml/2014/1/9/637"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-XGVJ-FH76-MJ6G

Vulnerability from github – Published: 2022-05-17 04:49 – Updated: 2025-04-11 04:18

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-1438"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-01-18T22:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application.",
  "id": "GHSA-xgvj-fh76-mj6g",
  "modified": "2025-04-11T04:18:16Z",
  "published": "2022-05-17T04:49:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1438"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/26bef1318adc1b3a530ecc807ef99346db2aa8b0"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052914"
    },
    {
      "type": "WEB",
      "url": "https://lkml.org/lkml/2014/1/9/637"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26bef1318adc1b3a530ecc807ef99346db2aa8b0"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26bef1318adc1b3a530ecc807ef99346db2aa8b0"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126858.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126874.html"
    },
    {
      "type": "WEB",
      "url": "http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:038"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2014/01/14/1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/64781"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1029592"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2113-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2117-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2133-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2134-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2135-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2136-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2138-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2139-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2141-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2014-AVI-073

Vulnerability from certfr_avis - Published: 2014-02-18 - Updated: 2014-02-18

De multiples vulnérabilités ont été corrigées dans le noyau Linux de Mandriva. Elles permettent à un attaquant de provoquer un déni de service et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

noyau Linux version 3.12.8 et antérieures

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Mandriva MDVSA-2014:038 du 17 février 2014	None	vendor-advisory
Bulletin de sécurité Mandriva MDVSA-2014:038 du 17 février 2014	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003enoyau Linux version 3.12.8 et ant\u00e9rieures\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-1438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1438"
    },
    {
      "name": "CVE-2014-1446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1446"
    },
    {
      "name": "CVE-2014-0038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0038"
    }
  ],
  "initial_release_date": "2014-02-18T00:00:00",
  "last_revision_date": "2014-02-18T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2014:038 du 17 f\u00e9vrier    2014",
      "url": "http://www.mandriva.com/fr/support/security/advisories/mbs1/MDVSA-2014:038/"
    }
  ],
  "reference": "CERTFR-2014-AVI-073",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-02-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de Mandriva\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Mandriva",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2014:038 du 17 f\u00e9vrier 2014",
      "url": null
    }
  ]
}

CERTFR-2014-AVI-107

Vulnerability from certfr_avis - Published: 2014-03-07 - Updated: 2014-03-07

De multiples vulnérabilités ont été corrigées dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 12.10
Ubuntu	Ubuntu	Ubuntu 12.04 LTS
Ubuntu	Ubuntu	Ubuntu 13.10

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu usn-2138-1 du 07 mars 2014	None	vendor-advisory
Bulletin de sécurité Ubuntu usn-2140-1 du 07 mars 2014	None	vendor-advisory
Bulletin de sécurité Ubuntu usn-2133-1 du 07 mars 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 12.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 12.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 13.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-6368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6368"
    },
    {
      "name": "CVE-2014-1874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1874"
    },
    {
      "name": "CVE-2013-7271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7271"
    },
    {
      "name": "CVE-2013-7264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7264"
    },
    {
      "name": "CVE-2013-6382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6382"
    },
    {
      "name": "CVE-2014-1438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1438"
    },
    {
      "name": "CVE-2013-7270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7270"
    },
    {
      "name": "CVE-2013-7281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7281"
    },
    {
      "name": "CVE-2013-4587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4587"
    },
    {
      "name": "CVE-2013-7269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7269"
    },
    {
      "name": "CVE-2013-7263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7263"
    },
    {
      "name": "CVE-2014-2038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2038"
    },
    {
      "name": "CVE-2013-7265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7265"
    },
    {
      "name": "CVE-2014-1690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1690"
    },
    {
      "name": "CVE-2013-6367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6367"
    },
    {
      "name": "CVE-2014-1446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1446"
    },
    {
      "name": "CVE-2013-7268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7268"
    },
    {
      "name": "CVE-2013-7266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7266"
    },
    {
      "name": "CVE-2013-7267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7267"
    },
    {
      "name": "CVE-2013-4579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4579"
    }
  ],
  "initial_release_date": "2014-03-07T00:00:00",
  "last_revision_date": "2014-03-07T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-107",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-03-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le noyau Linux\nd\u0027\u003cspan class=\"textit\"\u003eUbuntu\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu usn-2138-1 du 07 mars 2014",
      "url": "http://www.ubuntu.com/usn/usn-2138-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu usn-2140-1 du 07 mars 2014",
      "url": "http://www.ubuntu.com/usn/usn-2140-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu usn-2133-1 du 07 mars 2014",
      "url": "http://www.ubuntu.com/usn/usn-2133-1/"
    }
  ]
}

CERTFR-2014-AVI-075

Vulnerability from certfr_avis - Published: 2014-02-19 - Updated: 2014-02-19

De multiples vulnérabilités ont été corrigées dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 12.10
Ubuntu	Ubuntu	Ubuntu 12.04 LTS
Ubuntu	Ubuntu	Ubuntu 13.10
Ubuntu	Ubuntu	Ubuntu 10.04 LTS

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-2112-1 du 18 février 2014	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-2113-1 du 18 février 2014	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-2107-1 du 18 février 2014	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-2111-1 du 18 février 2014	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-2117-1 du 18 février 2014	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-2116-1 du 18 février 2014	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-2115-1 du 18 février 2014	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-2110-1 du 18 février 2014	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-2108-1 du 18 février 2014	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-2114-1 du 18 février 2014	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-2109-1 du 18 février 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 12.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 12.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 13.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 10.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-6368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6368"
    },
    {
      "name": "CVE-2013-2929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2929"
    },
    {
      "name": "CVE-2013-7271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7271"
    },
    {
      "name": "CVE-2013-6432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6432"
    },
    {
      "name": "CVE-2013-7264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7264"
    },
    {
      "name": "CVE-2013-6382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6382"
    },
    {
      "name": "CVE-2013-6383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6383"
    },
    {
      "name": "CVE-2014-1438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1438"
    },
    {
      "name": "CVE-2013-7270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7270"
    },
    {
      "name": "CVE-2013-7281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7281"
    },
    {
      "name": "CVE-2013-6380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6380"
    },
    {
      "name": "CVE-2013-4587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4587"
    },
    {
      "name": "CVE-2013-7269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7269"
    },
    {
      "name": "CVE-2013-6378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6378"
    },
    {
      "name": "CVE-2013-4345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4345"
    },
    {
      "name": "CVE-2013-2930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2930"
    },
    {
      "name": "CVE-2013-7263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7263"
    },
    {
      "name": "CVE-2013-7265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7265"
    },
    {
      "name": "CVE-2013-6367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6367"
    },
    {
      "name": "CVE-2013-4563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4563"
    },
    {
      "name": "CVE-2014-1446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1446"
    },
    {
      "name": "CVE-2013-7268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7268"
    },
    {
      "name": "CVE-2013-7266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7266"
    },
    {
      "name": "CVE-2013-6376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6376"
    },
    {
      "name": "CVE-2013-7267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7267"
    },
    {
      "name": "CVE-2013-4579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4579"
    },
    {
      "name": "CVE-2013-4592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4592"
    }
  ],
  "initial_release_date": "2014-02-19T00:00:00",
  "last_revision_date": "2014-02-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-075",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-02-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le noyau Linux\nd\u0027\u003cspan class=\"textit\"\u003eUbuntu\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nun d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2112-1 du 18 f\u00e9vrier 2014",
      "url": "http://www.ubuntu.com/usn/usn-2112-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2113-1 du 18 f\u00e9vrier 2014",
      "url": "http://www.ubuntu.com/usn/usn-2113-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2107-1 du 18 f\u00e9vrier 2014",
      "url": "http://www.ubuntu.com/usn/usn-2107-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2111-1 du 18 f\u00e9vrier 2014",
      "url": "http://www.ubuntu.com/usn/usn-2111-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2117-1 du 18 f\u00e9vrier 2014",
      "url": "http://www.ubuntu.com/usn/usn-2117-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2116-1 du 18 f\u00e9vrier 2014",
      "url": "http://www.ubuntu.com/usn/usn-2116-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2115-1 du 18 f\u00e9vrier 2014",
      "url": "http://www.ubuntu.com/usn/usn-2115-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2110-1 du 18 f\u00e9vrier 2014",
      "url": "http://www.ubuntu.com/usn/usn-2110-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2108-1 du 18 f\u00e9vrier 2014",
      "url": "http://www.ubuntu.com/usn/usn-2108-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2114-1 du 18 f\u00e9vrier 2014",
      "url": "http://www.ubuntu.com/usn/usn-2114-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2109-1 du 18 f\u00e9vrier 2014",
      "url": "http://www.ubuntu.com/usn/usn-2109-1/"
    }
  ]
}

CERTFR-2014-AVI-256

Vulnerability from certfr_avis - Published: 2014-06-06 - Updated: 2014-06-06

De multiples vulnérabilités ont été corrigées dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un déni de service à distance, un déni de service et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 12.04 LTS
Ubuntu	Ubuntu	Ubuntu 13.10
Ubuntu	Ubuntu	Ubuntu 14.04 LTS
Ubuntu	Ubuntu	Ubuntu 10.04 LTS

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-2241-1 du 05 juin 2014	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-2239-1 du 05 juin 2014	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-2236-1 du 05 juin 2014	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-2237-1 du 05 juin 2014	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-2234-1 du 05 juin 2014	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-2238-1 du 05 juin 2014	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-2235-1 du 05 juin 2014	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-2233-1 du 05 juin 2014	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-2240-1 du 05 juin 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 12.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 13.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 14.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 10.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-4470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4470"
    },
    {
      "name": "CVE-2014-3122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3122"
    },
    {
      "name": "CVE-2014-0055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0055"
    },
    {
      "name": "CVE-2014-1438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1438"
    },
    {
      "name": "CVE-2013-4483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4483"
    },
    {
      "name": "CVE-2014-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0155"
    },
    {
      "name": "CVE-2014-2568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2568"
    },
    {
      "name": "CVE-2014-3153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3153"
    },
    {
      "name": "CVE-2013-4387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4387"
    }
  ],
  "initial_release_date": "2014-06-06T00:00:00",
  "last_revision_date": "2014-06-06T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-256",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-06-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le noyau Linux\nd\u0027\u003cspan class=\"textit\"\u003eUbuntu\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, un d\u00e9ni de service et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2241-1 du 05 juin 2014",
      "url": "http://www.ubuntu.com/usn/usn-2241-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2239-1 du 05 juin 2014",
      "url": "http://www.ubuntu.com/usn/usn-2239-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2236-1 du 05 juin 2014",
      "url": "http://www.ubuntu.com/usn/usn-2236-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2237-1 du 05 juin 2014",
      "url": "http://www.ubuntu.com/usn/usn-2237-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2234-1 du 05 juin 2014",
      "url": "http://www.ubuntu.com/usn/usn-2234-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2238-1 du 05 juin 2014",
      "url": "http://www.ubuntu.com/usn/usn-2238-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2235-1 du 05 juin 2014",
      "url": "http://www.ubuntu.com/usn/usn-2235-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2233-1 du 05 juin 2014",
      "url": "http://www.ubuntu.com/usn/usn-2233-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-2240-1 du 05 juin 2014",
      "url": "http://www.ubuntu.com/usn/usn-2240-1/"
    }
  ]
}

GSD-2014-1438

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-1438

Aliases

CVE-2014-1438

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-1438",
    "description": "The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application.",
    "id": "GSD-2014-1438",
    "references": [
      "https://www.suse.com/security/cve/CVE-2014-1438.html",
      "https://access.redhat.com/errata/RHSA-2014:0439",
      "https://advisories.mageia.org/CVE-2014-1438.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-1438"
      ],
      "details": "The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application.",
      "id": "GSD-2014-1438",
      "modified": "2023-12-13T01:22:51.343264Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2014-1438",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "USN-2135-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2135-1"
          },
          {
            "name": "USN-2138-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2138-1"
          },
          {
            "name": "USN-2113-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2113-1"
          },
          {
            "name": "USN-2141-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2141-1"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1052914",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052914"
          },
          {
            "name": "[oss-security] 20140114 Re: Linux kernel: missing CPU-state sanitation during task-switch causes DOS / privilege escalation",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2014/01/14/1"
          },
          {
            "name": "USN-2136-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2136-1"
          },
          {
            "name": "64781",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/64781"
          },
          {
            "name": "USN-2139-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2139-1"
          },
          {
            "name": "FEDORA-2014-1062",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126874.html"
          },
          {
            "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26bef1318adc1b3a530ecc807ef99346db2aa8b0",
            "refsource": "CONFIRM",
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26bef1318adc1b3a530ecc807ef99346db2aa8b0"
          },
          {
            "name": "USN-2134-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2134-1"
          },
          {
            "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8",
            "refsource": "CONFIRM",
            "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8"
          },
          {
            "name": "MDVSA-2014:038",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:038"
          },
          {
            "name": "USN-2117-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2117-1"
          },
          {
            "name": "https://github.com/torvalds/linux/commit/26bef1318adc1b3a530ecc807ef99346db2aa8b0",
            "refsource": "CONFIRM",
            "url": "https://github.com/torvalds/linux/commit/26bef1318adc1b3a530ecc807ef99346db2aa8b0"
          },
          {
            "name": "USN-2133-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2133-1"
          },
          {
            "name": "1029592",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1029592"
          },
          {
            "name": "FEDORA-2014-1072",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126858.html"
          },
          {
            "name": "[linux-kernel] 20140110 Re: Sanitize CPU-state when switching tasks (was sanitize CPU-state when switching from virtual-8086 mode to other task)",
            "refsource": "MLIST",
            "url": "https://lkml.org/lkml/2014/1/9/637"
          },
          {
            "name": "http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/",
            "refsource": "MISC",
            "url": "http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.12.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.12.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-1438"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8"
            },
            {
              "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26bef1318adc1b3a530ecc807ef99346db2aa8b0",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26bef1318adc1b3a530ecc807ef99346db2aa8b0"
            },
            {
              "name": "http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/"
            },
            {
              "name": "[oss-security] 20140114 Re: Linux kernel: missing CPU-state sanitation during task-switch causes DOS / privilege escalation",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2014/01/14/1"
            },
            {
              "name": "[linux-kernel] 20140110 Re: Sanitize CPU-state when switching tasks (was sanitize CPU-state when switching from virtual-8086 mode to other task)",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lkml.org/lkml/2014/1/9/637"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/26bef1318adc1b3a530ecc807ef99346db2aa8b0",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://github.com/torvalds/linux/commit/26bef1318adc1b3a530ecc807ef99346db2aa8b0"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1052914",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052914"
            },
            {
              "name": "64781",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/64781"
            },
            {
              "name": "1029592",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1029592"
            },
            {
              "name": "FEDORA-2014-1062",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126874.html"
            },
            {
              "name": "FEDORA-2014-1072",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126858.html"
            },
            {
              "name": "MDVSA-2014:038",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:038"
            },
            {
              "name": "USN-2113-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2113-1"
            },
            {
              "name": "USN-2117-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2117-1"
            },
            {
              "name": "USN-2133-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2133-1"
            },
            {
              "name": "USN-2138-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2138-1"
            },
            {
              "name": "USN-2136-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2136-1"
            },
            {
              "name": "USN-2134-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2134-1"
            },
            {
              "name": "USN-2139-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2139-1"
            },
            {
              "name": "USN-2141-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2141-1"
            },
            {
              "name": "USN-2135-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2135-1"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.7,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2014-03-16T04:45Z",
      "publishedDate": "2014-01-18T22:55Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-1438 (GCVE-0-2014-1438)

FKIE_CVE-2014-1438

GHSA-XGVJ-FH76-MJ6G

CERTFR-2014-AVI-073

Solution

CERTFR-2014-AVI-107

Solution

CERTFR-2014-AVI-075

Solution

CERTFR-2014-AVI-256

Solution

GSD-2014-1438

Tags

Sightings

Nomenclature