CVE-2014-4699 (retired)

Priority
Description
The Linux kernel before 3.15.4 on Intel processors does not properly
restrict use of a non-canonical value for the saved RIP address in the case
of a system call that does not use IRET, which allows local users to
leverage a race condition and gain privileges, or cause a denial of service
(double fault), via a crafted application that makes ptrace and fork system
calls.
Ubuntu-Description
Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on
x86_64 processors. An attacker could exploit this flaw to cause a denial of
service (System Crash) or potential gain administrative privileges.
Notes
jdstrandandroid kernels (goldfish, grouper, maguro, mako and manta) are not
supported on the Ubuntu Touch 13.10 preview kernels
android kernels (flo, goldfish, grouper, maguro, mako and manta) are
not supported on the Ubuntu Touch 14.04 preview kernels
jjbegin sha1 is not actual commit that broke it just first kernel (2.6.17)
as reported by Andy Lutomirski
x86_64 only. Likely intel only
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.2.0-16.19)
Patches:
Introduced by
427abfa28afedffadfca9dd8b067eb6d36bac53f
Fixed by
b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
This package is not directly supported by the Ubuntu Security Team
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (3.4.0-3.15)
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (3.4.0-4.23)
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Patches:
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (3.4.0-5.34)
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (3.4.0-6.29)
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.2.0-1014.21)
Package
Upstream:released (3.16~rc4)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
More Information

Updated: 2019-10-09 07:50:46 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)