Lucene search

[email protected]CVE-2014-2678

HistoryApr 01, 2014 - 6:35 a.m.

CVE-2014-2678

2014-04-0106:35:00

CWE-476

[email protected]

web.nvd.nist.gov

cve-2014-2678

linux kernel

rds_iw_laddr_check

denial of service

null pointer dereference

system crash

bind system call

rds socket

nvd

5.8 Medium

AI Score

Confidence

High

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

35.6%

JSON

The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle3.14
fedoraproject:fedorafedoraproject fedoraeq20
oracle:linuxoracle linuxeq5

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	3.14
fedoraproject:fedora	fedoraproject fedora	eq	20
oracle:linux	oracle linux	eq	5

References

linux.oracle.com/errata/ELSA-2014-0926-1.html

linux.oracle.com/errata/ELSA-2014-0926.html

lists.fedoraproject.org/pipermail/package-announce/2014-April/131276.html

secunia.com/advisories/59386

secunia.com/advisories/60130

secunia.com/advisories/60471

www.openwall.com/lists/oss-security/2014/03/31/10

www.securityfocus.com/bid/66543

lkml.org/lkml/2014/3/29/188

5.8 Medium

AI Score

Confidence

High

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

35.6%

JSON

Related for CVE-2014-2678

prion1 ubuntucve1 nessus25 seebug1 debiancve1 openvas66 oraclelinux3 redhat5 centos2 ubuntu8 suse9 veracode6 osv1 securityvulns2 fedora38