CVE-2014-3631

2014-09-2810:55:00

Debian Security Bug Tracker

security-tracker.debian.org

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

40.4%

JSON

The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple “keyctl newring” operations followed by a “keyctl timeout” operation.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 3.16.3-1linux_3.16.3-1_all.deb
Debian11alllinux< 3.16.3-1linux_3.16.3-1_all.deb
Debian10alllinux< 3.16.3-1linux_3.16.3-1_all.deb
Debian999alllinux< 3.16.3-1linux_3.16.3-1_all.deb
Debian13alllinux< 3.16.3-1linux_3.16.3-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 3.16.3-1	linux_3.16.3-1_all.deb
Debian	11	all	linux	< 3.16.3-1	linux_3.16.3-1_all.deb
Debian	10	all	linux	< 3.16.3-1	linux_3.16.3-1_all.deb
Debian	999	all	linux	< 3.16.3-1	linux_3.16.3-1_all.deb
Debian	13	all	linux	< 3.16.3-1	linux_3.16.3-1_all.deb