4.6

CVE-2014-2739

Exploit
The cma_req_handler function in drivers/infiniband/core/cma.c in the Linux kernel 3.14.x through 3.14.1 attempts to resolve an RDMA over Converged Ethernet (aka RoCE) address that is properly resolved within a different module, which allows remote attackers to cause a denial of service (incorrect pointer dereference and system crash) via crafted network traffic.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version3.14 Updaterc1
LinuxLinux Kernel Version3.14 Updaterc2
LinuxLinux Kernel Version3.14 Updaterc3
LinuxLinux Kernel Version3.14 Updaterc4
LinuxLinux Kernel Version3.14 Updaterc5
LinuxLinux Kernel Version3.14 Updaterc6
LinuxLinux Kernel Version3.14 Updaterc7
LinuxLinux Kernel Version3.14 Updaterc8
LinuxLinux Kernel Version3.14.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.6% 0.729
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.2 6.9
AV:A/AC:H/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b2853fd6c2d0f383dbdf7427e263eb576a633867
http://www.openwall.com/lists/oss-security/2014/04/10/9
Patch
http://www.securityfocus.com/bid/66716
https://bugzilla.redhat.com/show_bug.cgi?id=1085415
https://github.com/torvalds/linux/commit/b2853fd6c2d0f383dbdf7427e263eb576a633867
Exploit