Bug 1190546 (CVE-2014-9644)
| Summary: | CVE-2014-9644 Linux kernel: crypto api unprivileged arbitrary module load via request_module() | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Wade Mealing <wmealing> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | unspecified | CC: | aquini, ccoleman, dhoward, dmcphers, fhrbata, gansalmon, itamar, jforbes, jialiu, joelsmith, jokerman, jonathan, jrusnack, jwboyer, kernel-maint, kernel-mgr, lmeyer, madhu.chinakonda, mchehab, mmccomas, nmurray, plougher, pmatouse, rvrbovsk, slawomir, vgoyal |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | 2019-06-08 02:38:42 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1190547, 1190631, 1190927, 1199156, 1199157, 1199158 | | |
| Bug Blocks: | 1185470 | | |

Description
Wade Mealing
2015-02-09 03:53:44 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1190927]

Statement:

This issue did not affect the versions of the kernel as shipped with Red Hat Enterprise Linux 4, 5, and 6. This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2015:2411 https://rhn.redhat.com/errata/RHSA-2015-2411.html

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2015:2152 https://rhn.redhat.com/errata/RHSA-2015-2152.html