CVE-2014-7284

2014-10-1310:55:00

Debian Security Bug Tracker

security-tracker.debian.org

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.027 Low

EPSS

Percentile

90.3%

JSON

The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by leveraging the predictability of TCP sequence numbers, TCP and UDP port numbers, and IP ID values.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 3.16.2-1linux_3.16.2-1_all.deb
Debian11alllinux< 3.16.2-1linux_3.16.2-1_all.deb
Debian10alllinux< 3.16.2-1linux_3.16.2-1_all.deb
Debian999alllinux< 3.16.2-1linux_3.16.2-1_all.deb
Debian13alllinux< 3.16.2-1linux_3.16.2-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 3.16.2-1	linux_3.16.2-1_all.deb
Debian	11	all	linux	< 3.16.2-1	linux_3.16.2-1_all.deb
Debian	10	all	linux	< 3.16.2-1	linux_3.16.2-1_all.deb
Debian	999	all	linux	< 3.16.2-1	linux_3.16.2-1_all.deb
Debian	13	all	linux	< 3.16.2-1	linux_3.16.2-1_all.deb