CVE-2014-4699
Publication date 4 July 2014
Last updated 24 July 2024
Ubuntu priority
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
From the Ubuntu Security Team
Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| linux | ||
| 14.04 LTS trusty |
Fixed 3.13.0-30.55
|
|
| linux-armadaxp | ||
| 14.04 LTS trusty | Not in release | |
| linux-ec2 | ||
| 14.04 LTS trusty | Not in release | |
| linux-flo | ||
| 14.04 LTS trusty | Not in release | |
| linux-fsl-imx51 | ||
| 14.04 LTS trusty | Not in release | |
| linux-goldfish | ||
| 14.04 LTS trusty | Not in release | |
| linux-grouper | ||
| 14.04 LTS trusty | Not in release | |
| linux-linaro-omap | ||
| 14.04 LTS trusty | Not in release | |
| linux-linaro-shared | ||
| 14.04 LTS trusty | Not in release | |
| linux-linaro-vexpress | ||
| 14.04 LTS trusty | Not in release | |
| linux-lts-quantal | ||
| 14.04 LTS trusty | Not in release | |
| linux-lts-raring | ||
| 14.04 LTS trusty | Not in release | |
| linux-lts-saucy | ||
| 14.04 LTS trusty | Not in release | |
| linux-lts-trusty | ||
| 14.04 LTS trusty | Not in release | |
| linux-lts-utopic | ||
| 14.04 LTS trusty | Not in release | |
| linux-lts-vivid | ||
| 14.04 LTS trusty | Not in release | |
| linux-maguro | ||
| 14.04 LTS trusty | Not in release | |
| linux-mako | ||
| 14.04 LTS trusty | Not in release | |
| linux-manta | ||
| 14.04 LTS trusty | Not in release | |
| linux-mvl-dove | ||
| 14.04 LTS trusty | Not in release | |
| linux-qcm-msm | ||
| 14.04 LTS trusty | Not in release | |
| linux-raspi2 | ||
| 14.04 LTS trusty | Not in release | |
| linux-ti-omap4 | ||
| 14.04 LTS trusty | Not in release | |
Notes
jdstrand
android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels
jj
begin sha1 is not actual commit that broke it just first kernel (2.6.17) as reported by Andy Lutomirski x86_64 only. Likely intel only
References
Related Ubuntu Security Notices (USN)
- USN-2270-1
- Linux kernel (Raring HWE) vulnerability
- 5 July 2014
- USN-2274-1
- Linux kernel vulnerability
- 5 July 2014
- USN-2266-1
- Linux kernel vulnerability
- 5 July 2014
- USN-2269-1
- Linux kernel (Quantal HWE) vulnerability
- 5 July 2014
- USN-2271-1
- Linux kernel (Saucy HWE) vulnerability
- 5 July 2014
- USN-2272-1
- Linux kernel (Trusty HWE) vulnerability
- 5 July 2014
- USN-2267-1
- Linux kernel (EC2) vulnerability
- 5 July 2014
- USN-2273-1
- Linux kernel vulnerability
- 5 July 2014
- USN-2268-1
- Linux kernel vulnerability
- 5 July 2014
- USN-2284-1
- Linux kernel (OMAP4) vulnerabilities
- 16 July 2014