CVE-2014-1874

EPSS 0.06%
Published 28.02.2014 06:18:54
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.

Affected products Warnungen 0 Metrics 2 CWE 1 References 26

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 3.13.4

Suse ≫ Linux Enterprise Server Version10 Updatesp4 SwEditionltss

Canonical ≫ Ubuntu Linux Version10.04 SwEdition-

Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version12.10

Canonical ≫ Ubuntu Linux Version13.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.203

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.9	3.9	6.9	AV:L/AC:L/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html

Third Party Advisory

Mailing List

http://www.ubuntu.com/usn/USN-2128-1

Third Party Advisory

http://www.ubuntu.com/usn/USN-2129-1

Third Party Advisory

http://www.ubuntu.com/usn/USN-2133-1

Third Party Advisory

http://www.ubuntu.com/usn/USN-2134-1

Third Party Advisory

http://www.ubuntu.com/usn/USN-2135-1