Published: 10/11/2014 Updated: 13/02/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 642

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

kernel/trace/trace_syscalls.c in the Linux kernel up to and including 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Several security issues were fixed in the kernel ...

USN-2448-1 introduced a regression in the Linux kernel ...

USN-2447-1 introduced a regression in the Linux kernel ...

Several security issues were fixed in the kernel ...

An out-of-bounds memory access flaw, CVE-2014-7825, was found in the syscall tracing functionality of the Linux kernel's perf subsystem A local, unprivileged user could use this flaw to crash the system Additionally, an out-of-bounds memory access flaw, CVE-2014-7826, was found in the syscall tracing functionality of the Linux kernel's ftrace sub ...

CWE-125 http://www.openwall.com/lists/oss-security/2014/11/06/11 https://github.com/torvalds/linux/commit/086ba77a6db00ed858ff07451bedee197df868c9 https://bugzilla.redhat.com/show_bug.cgi?id=1161565 http://rhn.redhat.com/errata/RHSA-2014-1943.html http://rhn.redhat.com/errata/RHSA-2015-0290.html http://www.securityfocus.com/bid/70972 https://exchange.xforce.ibmcloud.com/vulnerabilities/98557 http://rhn.redhat.com/errata/RHSA-2015-0864.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=086ba77a6db00ed858ff07451bedee197df868c9 https://nvd.nist.gov https://usn.ubuntu.com/2444-1/

CVE-2014-7825

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect