[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-2568Date: (C)2014-07-11   (M)2024-04-17


Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.9
Exploit Score: 5.5
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECUNIA-59599
BID-66348
USN-2240-1
https://lkml.org/lkml/2014/3/20/421
http://seclists.org/oss-sec/2014/q1/627
http://www.openwall.com/lists/oss-security/2014/03/20/16
https://bugzilla.redhat.com/show_bug.cgi?id=1079012
linux-kernel-cve20142568-info-disclosure(91922)

CPE    2
cpe:/o:linux:linux_kernel
cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
CWE    1
CWE-416
OVAL    46
oval:org.secpod.oval:def:501329
oval:org.secpod.oval:def:702056
oval:org.secpod.oval:def:702072
oval:org.secpod.oval:def:1503941
...

© SecPod Technologies