CVE-2014-4157

arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass intended PR_SET_SECCOMP restrictions by executing a crafted application without invoking a trace or audit subsystem.

Affected Software

Name	Vendor	Start Version	End Version
Linux_kernel	Linux	*	3.14.8 (excluding)
Linux	Ubuntu	upstream	*
Linux-armadaxp	Ubuntu	upstream	*
Linux-ec2	Ubuntu	upstream	*
Linux-flo	Ubuntu	upstream	*
Linux-fsl-imx51	Ubuntu	lucid	*
Linux-fsl-imx51	Ubuntu	upstream	*
Linux-goldfish	Ubuntu	saucy	*
Linux-goldfish	Ubuntu	upstream	*
Linux-grouper	Ubuntu	saucy	*
Linux-grouper	Ubuntu	upstream	*
Linux-linaro-omap	Ubuntu	precise	*
Linux-linaro-omap	Ubuntu	upstream	*
Linux-linaro-shared	Ubuntu	precise	*
Linux-linaro-shared	Ubuntu	upstream	*
Linux-linaro-vexpress	Ubuntu	precise	*
Linux-linaro-vexpress	Ubuntu	upstream	*
Linux-lts-quantal	Ubuntu	upstream	*
Linux-lts-raring	Ubuntu	upstream	*
Linux-lts-saucy	Ubuntu	upstream	*
Linux-lts-trusty	Ubuntu	upstream	*
Linux-maguro	Ubuntu	saucy	*
Linux-maguro	Ubuntu	upstream	*
Linux-mako	Ubuntu	saucy	*
Linux-mako	Ubuntu	upstream	*
Linux-manta	Ubuntu	saucy	*
Linux-manta	Ubuntu	upstream	*
Linux-mvl-dove	Ubuntu	lucid	*
Linux-mvl-dove	Ubuntu	upstream	*
Linux-qcm-msm	Ubuntu	lucid	*
Linux-qcm-msm	Ubuntu	precise	*
Linux-qcm-msm	Ubuntu	upstream	*
Linux-ti-omap4	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-4157
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References