CVE - CVE-2014-3534

CVE-ID
CVE-2014-3534	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1030683 URL:http://www.securitytracker.com/id/1030683 MISC:109546 URL:http://www.osvdb.org/109546 MISC:59790 URL:http://secunia.com/advisories/59790 MISC:60351 URL:http://secunia.com/advisories/60351 MISC:68940 URL:http://www.securityfocus.com/bid/68940 MISC:DSA-2992 URL:http://www.debian.org/security/2014/dsa-2992 MISC:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dab6cf55f81a6e16b8147aed9a843e1691dcd318 URL:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dab6cf55f81a6e16b8147aed9a843e1691dcd318 MISC:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8 URL:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1114089 URL:https://bugzilla.redhat.com/show_bug.cgi?id=1114089 MISC:https://github.com/torvalds/linux/commit/dab6cf55f81a6e16b8147aed9a843e1691dcd318 URL:https://github.com/torvalds/linux/commit/dab6cf55f81a6e16b8147aed9a843e1691dcd318 MISC:linux-cve20143534-priv-esc(95069) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/95069
Assigning CNA
Red Hat, Inc.
Date Record Created
20140514	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20140514)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)