Lucene search

[email protected]CVE-2014-0102

HistoryMar 11, 2014 - 1:01 p.m.

CVE-2014-0102

2014-03-1113:01:08

CWE-310

[email protected]

web.nvd.nist.gov

cve-2014-0102

keyring_detect_cycle_iterator

linux kernel

denial of service

oops

crafted keyctl commands

5.2 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:N/I:N/A:C

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands.

Affected configurations

NVD

Node

linuxlinux_kernelRange≤3.13.6

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle3.13.6

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	3.13.6

References

lkml.org/lkml/2014/2/27/507

www.kernelhub.org/?msg=425013&p=2

www.openwall.com/lists/oss-security/2014/03/04/21

bugzilla.redhat.com/show_bug.cgi?id=1072419

5.2 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:N/I:N/A:C

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2014-0102

prion1 ubuntucve1 seebug1 debiancve1 cvelist1 nvd1 fedora43 openvas54 nessus2