CVE-2014-1438
Published: 18 January 2014
The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application.
From the Ubuntu security team
halfdog reported an error in the AMD K7 and K8 platform support in the Linux kernel. An unprivileged local user could exploit this flaw on AMD based systems to cause a denial of service (task kill) or possibly gain privileges via a crafted application.
Priority
Medium
Status
Notes
| Author | Note |
|---|---|
| jdstrand | per upstream, should only affect AMD CPUs |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1438
- http://www.openwall.com/lists/oss-security/2014/01/14/1
- http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/
- https://lkml.org/lkml/2014/1/9/637
- https://ubuntu.com/security/notices/USN-2113-1
- https://ubuntu.com/security/notices/USN-2117-1
- https://ubuntu.com/security/notices/USN-2133-1
- https://ubuntu.com/security/notices/USN-2134-1
- https://ubuntu.com/security/notices/USN-2135-1
- https://ubuntu.com/security/notices/USN-2136-1
- https://ubuntu.com/security/notices/USN-2138-1
- https://ubuntu.com/security/notices/USN-2139-1
- https://ubuntu.com/security/notices/USN-2141-1
- https://ubuntu.com/security/notices/USN-2233-1
- https://ubuntu.com/security/notices/USN-2234-1
- NVD
- Launchpad
- Debian