CVE-2014-3534

Published: Aug 1, 2014Modified: May 6, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.

Affected (7)

Products: Linux: Linux Kernel · Debian: Debian Linux

1 product

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 3.2.62
Linux Linux Kernel	From 3.11 to 3.12.27
Linux Linux Kernel	From 3.13 to 3.14.15
Linux Linux Kernel	From 3.15 to 3.15.8
Linux Linux Kernel	From 3.3 to 3.4.101
Linux Linux Kernel	From 3.5 to 3.10.51

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (22)

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dab6cf55f81a6e16b8147aed9a843e1691dcd318

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/59790

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/60351

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2014/dsa-2992

Source: secalert@redhat.com

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8

Source: secalert@redhat.com

Release NotesVendor Advisory

http://www.osvdb.org/109546

Source: secalert@redhat.com

Broken Link

http://www.securityfocus.com/bid/68940

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1030683

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1114089

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/95069

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://github.com/torvalds/linux/commit/dab6cf55f81a6e16b8147aed9a843e1691dcd318

Source: secalert@redhat.com

PatchThird Party Advisory

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dab6cf55f81a6e16b8147aed9a843e1691dcd318

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://secunia.com/advisories/59790

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/60351

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.debian.org/security/2014/dsa-2992

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

http://www.osvdb.org/109546

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.securityfocus.com/bid/68940

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1030683

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1114089

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/95069

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://github.com/torvalds/linux/commit/dab6cf55f81a6e16b8147aed9a843e1691dcd318

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.