[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-3145Date: (C)2014-05-15   (M)2024-03-25


The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.9
Exploit Score: 3.9
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
  
Reference:
SECTRACK-1038201
SECUNIA-58990
SECUNIA-59311
SECUNIA-59597
SECUNIA-60613
BID-67321
DSA-2949
USN-2251-1
USN-2252-1
USN-2259-1
USN-2261-1
USN-2262-1
USN-2263-1
USN-2264-1
http://www.openwall.com/lists/oss-security/2014/05/09/6
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=05ab8f2647e4221cbdb3856dd7d32bd5407316b3
http://linux.oracle.com/errata/ELSA-2014-3052.html
https://github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
https://source.android.com/security/bulletin/2017-04-01

CPE    4
cpe:/o:debian:debian_linux:7.0
cpe:/o:linux:linux_kernel
cpe:/o:canonical:ubuntu_linux:12.04::~~esm~~~
cpe:/o:canonical:ubuntu_linux:13.10
...
CWE    1
CWE-125
OVAL    54
oval:org.secpod.oval:def:702097
oval:org.secpod.oval:def:702093
oval:org.secpod.oval:def:702091
oval:org.secpod.oval:def:1500657
...

© SecPod Technologies