Linux Kernel ptrace SYSRET path Elevation Vulnerability
Release date:
Updated on:
Affected Systems:
Linux kernel 3.x
Linux kernel 2.x
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2014-4699
Linux Kernel is the Kernel of the Linux operating system.
Linux Kernel 2.6.32.63, 3.10.46, 3.2.60, 3.12.24, 3.14.10, 3.15.3, 3.4.96 do not properly recover some CPU registers after processing certain ptrace events, this allows attackers to tamper with tracee registers and gain Elevation of Privilege. This vulnerability affects only 64-bit systems running on Intel CPU.
<* Source: Andy Lutomirski
Link: http://secunia.com/advisories/59633/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.97
Https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.47
Https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.11
Https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.4
How to install Linux 3.11 Kernel on Ubuntu
The Ubuntu 13.10 (Saucy Salamander) Kernel has been upgraded to Linux Kernel 3.10 RC5
Linux Kernel 3.4.62 LTS is now available for download
How to install Linux kernel 13.10 On Ubuntu 3.12
Linux Kernel: click here
Linux Kernel: click here
This article permanently updates the link address: