Lucene search

K

Ubuntu.comUB:CVE-2014-0102

HistoryMar 11, 2014 - 12:00 a.m.

CVE-2014-0102

2014-03-1100:00:00

ubuntu.com

ubuntu.com

7

5.2 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

5.1%

The keyring_detect_cycle_iterator function in security/keys/keyring.c in
the Linux kernel through 3.13.6 does not properly determine whether
keyrings are identical, which allows local users to cause a denial of
service (OOPS) via crafted keyctl commands.

Bugs

<https://launchpad.net/bugs/1293721>

Notes

Author	Note
jdstrand	android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels

References

lkml.org/lkml/2014/2/27/507

www.kernelhub.org/?msg=425013&p=2

www.openwall.com/lists/oss-security/2014/03/04/21

bugzilla.redhat.com/show_bug.cgi?id=1072419

launchpad.net/bugs/cve/CVE-2014-0102

nvd.nist.gov/vuln/detail/CVE-2014-0102

security-tracker.debian.org/tracker/CVE-2014-0102

www.cve.org/CVERecord?id=CVE-2014-0102

5.2 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

5.1%

Related for UB:CVE-2014-0102

cve1 prion1 seebug1 debiancve1 cvelist1 nvd1 fedora43 openvas54 nessus2