Metric | Value |
---|---|
CVSS2 score | 4.9 Medium |
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |
CVSS2 vector | AV:L/AC:L/Au:N/C:N/I:N/A:C |
EPSS | 0.001 Low |
EPSS percentile | 33.6% |

The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter
function in net/core/filter.c in the Linux kernel through 3.14.3 uses the
reverse order in a certain subtraction, which allows local users to cause a
denial of service (over-read and system crash) via crafted BPF
instructions. NOTE: the affected code was moved to the
__skb_get_nlattr_nest function before the vulnerability was announced.

Author | Note |
---|---|
jdstrand | android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels; android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels |

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | linux | < 2.6.32-62.125 | UNKNOWN |
ubuntu | 12.04 | noarch | linux | < 3.2.0-65.98 | UNKNOWN |
ubuntu | 13.10 | noarch | linux | < 3.11.0-24.41 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < 3.13.0-32.57 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1635.50 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-ec2 | < 2.6.32-366.80 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-quantal | < 3.5.0-52.78~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-raring | < 3.8.0-44.66~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-saucy | < 3.11.0-24.41~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-trusty | < 3.13.0-32.57~precise1 | UNKNOWN |

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=05ab8f2647e4221cbdb3856dd7d32bd5407316b3
www.openwall.com/lists/oss-security/2014/05/09/6
git.kernel.org/linus/d214c7537bbf2f247991fb65b3420b0b3d712c67
github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
launchpad.net/bugs/cve/CVE-2014-3145
nvd.nist.gov/vuln/detail/CVE-2014-3145
security-tracker.debian.org/tracker/CVE-2014-3145
ubuntu.com/security/notices/USN-2251-1
ubuntu.com/security/notices/USN-2252-1
ubuntu.com/security/notices/USN-2259-1
ubuntu.com/security/notices/USN-2261-1
ubuntu.com/security/notices/USN-2262-1
ubuntu.com/security/notices/USN-2263-1
ubuntu.com/security/notices/USN-2264-1
ubuntu.com/security/notices/USN-2286-1
ubuntu.com/security/notices/USN-2288-1
ubuntu.com/security/notices/USN-2290-1
www.cve.org/CVERecord?id=CVE-2014-3145