AI Score: 6.5 Medium (Confidence: Low)
CVSS2: 4.9 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
CVSS2 vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
EPSS: 0.0004 Low (Percentile: 5.7%)
Description
The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings. (CVE-2014-3122)
Impact
Allows local users to cause disruption of service.
Status
F5 Product Development has assigned ID 484317 (BIG-IP), ID 488801 (BIG-IQ), and ID 488802 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.
To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:
Product | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature |
---|---|---|---|
BIG-IP LTM | 11.1.0 - 11.6.0 | 12.0.0, 11.0.0, 10.0.0 - 10.2.4 | Linux kernel |
BIG-IP AAM | 11.4.0 - 11.6.0 | 12.0.0 | Linux kernel |
BIG-IP AFM | 11.3.0 - 11.6.0 | 12.0.0 | Linux kernel |
BIG-IP Analytics | 11.1.0 - 11.6.0 | 12.0.0, 11.0.0 | Linux kernel |
BIG-IP APM | 11.1.0 - 11.6.0 | 12.0.0, 11.0.0, 10.1.0 - 10.2.4 | Linux kernel |
BIG-IP ASM | 11.1.0 - 11.6.0 | 12.0.0, 11.0.0, 10.0.0 - 10.2.4 | Linux kernel |
BIG-IP DNS | None | 12.0.0 | None |
BIG-IP Edge Gateway | 11.1.0 - 11.3.0 | 11.0.0, 10.1.0 - 10.2.4 | Linux kernel |
BIG-IP GTM | 11.1.0 - 11.6.0 | 11.0.0, 10.0.0 - 10.2.4 | Linux kernel |
BIG-IP Link Controller | 11.1.0 - 11.6.0 | 11.0.0, 10.0.0 - 10.2.4 | Linux kernel |
BIG-IP PEM | 11.3.0 - 11.6.0 | 12.0.0 | Linux kernel |
BIG-IP PSM | 11.1.0 - 11.4.1 | 12.0.0, 11.0.0, 10.0.0 - 10.2.4 | Linux kernel |
BIG-IP WebAccelerator | 11.1.0 - 11.3.0 | 11.0.0, 10.0.0 - 10.2.4 | Linux kernel |
BIG-IP WOM | 11.1.0 - 11.3.0 | 11.0.0, 10.0.0 - 10.2.4 | Linux kernel |
ARX | None | 6.0.0 - 6.4.0 | None |
Enterprise Manager | 3.1.0 - 3.1.1 | 3.0.0, 2.1.0 - 2.3.0 | Linux kernel |
FirePass | None | 7.0.0, 6.0.0 - 6.1.0 | None |
BIG-IQ Cloud | 4.0.0 - 4.4.0 | None | Linux kernel |
BIG-IQ Device | 4.2.0 - 4.4.0 | None | Linux kernel |
BIG-IQ Security | 4.0.0 - 4.4.0 | None | Linux kernel |
LineRate | None | 2.2.0 - 2.5.0, 1.6.0 - 1.6.4 | None |
Recommended action
If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.
F5 is responding to this vulnerability as determined by the parameters defined in K4602: Overview of the F5 security vulnerability response policy.
Supplemental Information
CPE
Name | Operator | Version |
---|---|---|
big-ip afm | eq | 11.3.0 |
big-ip afm | eq | 11.4.0 |
big-ip afm | eq | 11.4.1 |
big-ip afm | eq | 11.5.0 |
big-ip afm | eq | 11.5.1 |
big-ip afm | eq | 11.5.2 |
big-ip afm | eq | 11.5.3 |
big-ip afm | eq | 11.6.0 |
big-ip afm | eq | 12.0.0 |
big-ip analytics | eq | 11.0.0 |