CVE-2014-1419 — acpi-support - security update

Description

Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.

How to fix CVE-2014-1419

To remediate CVE-2014-1419, upgrade the affected package to a fixed version below.

Debian/acpi-support—upgrade to 0.142-2 or later
Debian/acpi-support—upgrade to 0.137-5+deb6u1 or later
Debian/acpi-support—upgrade to 0.140-5+deb7u1 or later

Is CVE-2014-1419 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 0.142-2
from 0, < 0.137-5+deb6u1
from 0, < 0.140-5+deb7u1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-1419