CVE-2014-2568

Description

Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.

References

http://seclists.org/oss-sec/2014/q1/627

http://secunia.com/advisories/59599

http://www.openwall.com/lists/oss-security/2014/03/20/16

http://www.securityfocus.com/bid/66348

http://www.ubuntu.com/usn/USN-2240-1

https://bugzilla.redhat.com/show_bug.cgi?id=1079012

https://exchange.xforce.ibmcloud.com/vulnerabilities/91922

https://lkml.org/lkml/2014/3/20/421

Details

Source: MITRE

Published: 2014-03-24

Updated: 2019-05-10

Type: CWE-416

Risk Information

CVSS v2

Base Score: 2.9

Vector: AV:A/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 5.5

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from 3.0 to 3.13.6 (inclusive)

Configuration 2

OR

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 124803 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1479) | Nessus | Huawei Local Security Checks | critical |
| 124796 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1472) | Nessus | Huawei Local Security Checks | high |
| 88545 | openSUSE Security Update : the Linux Kernel (openSUSE-2016-124) | Nessus | SuSE Local Security Checks | high |
| 81800 | Oracle Linux 7 : kernel (ELSA-2015-0290) | Nessus | Oracle Linux Local Security Checks | high |
| 76901 | RHEL 7 : kernel (RHSA-2014:0786) | Nessus | Red Hat Local Security Checks | high |
| 76738 | Oracle Linux 7 : kernel (ELSA-2014-0786) | Nessus | Oracle Linux Local Security Checks | high |
| 76295 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2260-1) | Nessus | Ubuntu Local Security Checks | high |
| 74361 | Ubuntu 13.10 : linux vulnerabilities (USN-2241-1) | Nessus | Ubuntu Local Security Checks | high |
| 74360 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-2240-1) | Nessus | Ubuntu Local Security Checks | high |
| 74359 | Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2239-1) | Nessus | Ubuntu Local Security Checks | high |
| 73428 | Fedora 19 : kernel-3.13.9-100.fc19 (2014-4849) | Nessus | Fedora Local Security Checks | medium |
| 73367 | Fedora 20 : kernel-3.13.8-200.fc20 (2014-4675) | Nessus | Fedora Local Security Checks | medium |