CVE-2014-7145

Related Files

Red Hat Security Advisory 2015-0102-01

Posted Jan 29, 2015

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0102-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. A race condition flaw was found in the way the Linux kernel's mmap, madvise, and fallocate system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service.

tags | advisory, remote, denial of service, kernel, local

systems | linux, redhat

advisories | CVE-2014-4171, CVE-2014-5471, CVE-2014-5472, CVE-2014-7145, CVE-2014-7822, CVE-2014-7841

SHA-256 | d6cb35f9eec16000c013c4d690821d03205cdba86b1d5048733ff6c4beccc835

Download | Favorite | View

Ubuntu Security Notice USN-2395-1

Posted Oct 30, 2014

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2395-1 - Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. Various other issues were also addressed.

tags | advisory, denial of service, kernel

systems | linux, ubuntu

advisories | CVE-2014-3610, CVE-2014-3611, CVE-2014-3646, CVE-2014-3647, CVE-2014-7145

SHA-256 | cbe5adeb256340729c24722da0132420fbce771084cef02f02569fc8720c64cd

Download | Favorite | View

Ubuntu Security Notice USN-2394-1

Posted Oct 30, 2014

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2394-1 - Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. Various other issues were also addressed.

tags | advisory, denial of service, kernel

systems | linux, ubuntu

advisories | CVE-2014-3610, CVE-2014-3611, CVE-2014-3646, CVE-2014-3647, CVE-2014-7145

SHA-256 | 8f5ed0f7e7e1843a5ee309f342ca16e238c19172360ab78300a22bde4e498b02

Download | Favorite | View