Novell Home

CVE-2014-0038

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2014-0038 at MITRE

Description

The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.

NVD CVSS v2 Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Note from the SUSE Security Team

This security issue only affects Linux Kernel 3.4 and newer. openSUSE 12.3 and 13.1 will receive security updates. SUSE Linux Enterprise 12 will be fixed before shipment. SUSE Linux Enterprise 11 and older are not affected.

Novell Bugzilla entry: 860993

SUSE Security Advisories:

© 2014 Novell