CVE-2014-4699
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0114 (1.1%)
Percentil: 78.5%
EPSS: 2026-05-06
Afecta
linux:linux_kerneldebian:debian_linuxcanonical:ubuntu_linuxDescripción técnica
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
Publicada: 9/7/2014, 11:07:03
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a
- http://linux.oracle.com/errata/ELSA-2014-0924.html
- http://linux.oracle.com/errata/ELSA-2014-3047.html
- http://linux.oracle.com/errata/ELSA-2014-3048.html
- http://openwall.com/lists/oss-security/2014/07/05/4
- http://openwall.com/lists/oss-security/2014/07/08/16
- http://openwall.com/lists/oss-security/2014/07/08/5
- http://packetstormsecurity.com/files/127573/Linux-Kernel-ptrace-sysret-Local-Privilege-Escalation.html