| Description: | An information leak in the Linux kernel was discovered that could leak thehigh 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine(KVM) paravirt guests. A user in the guest OS could exploit this leak toobtain information that could potentially be used to aid in attacking thekernel. (CVE-2014-8134)Rabin Vincent, Robert Swiecki, Russell King discovered that the ftracesubsystem of the Linux kernel does not properly handle private syscallnumbers. A local user could exploit this flaw to cause a denial of service(OOPS). (CVE-2014-7826)Rabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in how theperf subsystem of the Linux kernel handles private systecall numbers. Alocal user could exploit this to cause a denial of service (OOPS) or bypassASLR protections via a crafted application. (CVE-2014-7825)A null pointer dereference flaw was discovered in the the Linux kernel'sSCTP implementation when ASCONF is used. A remote attacker could exploitthis flaw to cause a denial of service (system crash) via a malformed INITchunk. (CVE-2014-7841)A stack buffer overflow was discovered in the ioctl command handling forthe Technotrend/Hauppauge USB DEC devices driver. A local user couldexploit this flaw to cause a denial of service (system crash) or possiblygain privileges. (CVE-2014-8884)Andy Lutomirski discovered that the Linux kernel does not properly handlefaults associated with the Stack Segment (SS) register on the x86architecture. A local attacker could exploit this flaw to cause a denial ofservice (panic). (CVE-2014-9090) |