CVE-2014-3534

arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Potential Mitigations

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/122.html
• https://cwe.mitre.org/data/definitions/233.html
• https://cwe.mitre.org/data/definitions/58.html

References

• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dab6cf55f81a6e16b8147aed9a843e1691dcd318
• http://secunia.com/advisories/59790
• http://secunia.com/advisories/60351
• http://www.debian.org/security/2014/dsa-2992
• http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8
• http://www.osvdb.org/109546
• http://www.securityfocus.com/bid/68940
• http://www.securitytracker.com/id/1030683
• https://bugzilla.redhat.com/show_bug.cgi?id=1114089
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95069
• https://github.com/torvalds/linux/commit/dab6cf55f81a6e16b8147aed9a843e1691dcd318