CVE-2014-3917
Last modified
CVE-2014-3917 is a vulnerability of currently unknown severity. kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.. EPSS estimates a 0.36% chance of exploitation in the next 30 days.
Description
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Suse | Linux Enterprise Desktop | 10.0 | Sp4 |
| Redhat | Enterprise Linux | 5 | — |
| Redhat | Enterprise Linux | 6.0 | — |
| Redhat | Enterprise Mrg | 2.0 | — |
| Linux | Linux Kernel | <= 3.14.5 | — |
| Linux | Linux Kernel | 3.14 | — |
| Linux | Linux Kernel | 3.14.1 | — |
| Linux | Linux Kernel | 3.14.2 | — |
| Linux | Linux Kernel | 3.14.3 | — |
| Linux | Linux Kernel | 3.14.4 | — |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-3917?
How severe is CVE-2014-3917?
How do I fix CVE-2014-3917?
Are you affected by CVE-2014-3917?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST