4.9

CVE-2014-3145

Exploit
The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions.  NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 3.14.3
OracleLinux Version6 Update-
OracleLinux Version7 Update-
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version13.10
DebianDebian Linux Version7.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.65% 0.462
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://linux.oracle.com/errata/ELSA-2014-3052.html
Third Party Advisory
http://secunia.com/advisories/60613
Not Applicable
http://www.securitytracker.com/id/1038201
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2017-04-01
Patch
Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=05ab8f2647e4221cbdb3856dd7d32bd5407316b3
http://secunia.com/advisories/58990
Broken Link
http://secunia.com/advisories/59311
Not Applicable
http://secunia.com/advisories/59597
Broken Link
http://www.debian.org/security/2014/dsa-2949
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/05/09/6
Patch
Third Party Advisory
Mailing List
http://www.ubuntu.com/usn/USN-2251-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2252-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2259-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2261-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2262-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2263-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2264-1
Third Party Advisory
https://github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
Patch
Third Party Advisory
Exploit
http://www.securityfocus.com/bid/67321
Third Party Advisory
VDB Entry