CVE-2014-2851

MEDIUM

Description

Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.

References

http://secunia.com/advisories/59386

http://secunia.com/advisories/59599

http://www.debian.org/security/2014/dsa-2926

http://www.openwall.com/lists/oss-security/2014/04/11/4

http://www.securityfocus.com/bid/66779

http://www.securitytracker.com/id/1030769

https://bugzilla.redhat.com/show_bug.cgi?id=1086730

https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac

https://lkml.org/lkml/2014/4/10/736

Details

Source: MITRE

Published: 2014-04-14

Updated: 2020-08-26

Type: CWE-416

Risk Information

CVSS v2.0

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 3.14.1 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 124987 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1534) | Nessus | Huawei Local Security Checks | critical |
| 124803 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1479) | Nessus | Huawei Local Security Checks | critical |
| 99163 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW) | Nessus | OracleVM Local Security Checks | critical |
| 83633 | SUSE SLES11 Security Update : kernel (SUSE-SU-2014:1105-1) | Nessus | SuSE Local Security Checks | high |
| 81800 | Oracle Linux 7 : kernel (ELSA-2015-0290) | Nessus | Oracle Linux Local Security Checks | high |
| 79043 | RHEL 6 : kernel (RHSA-2014:1101) | Nessus | Red Hat Local Security Checks | high |
| 76948 | CentOS 6 : kernel (CESA-2014:0981) | Nessus | CentOS Local Security Checks | high |
| 76908 | RHEL 6 : kernel (RHSA-2014:0981) | Nessus | Red Hat Local Security Checks | high |
| 76901 | RHEL 7 : kernel (RHSA-2014:0786) | Nessus | Red Hat Local Security Checks | high |
| 76888 | Oracle Linux 6 : kernel (ELSA-2014-0981) | Nessus | Oracle Linux Local Security Checks | high |
| 76738 | Oracle Linux 7 : kernel (ELSA-2014-0786) | Nessus | Oracle Linux Local Security Checks | high |
| 76677 | RHEL 6 : MRG (RHSA-2014:0557) | Nessus | Red Hat Local Security Checks | high |
| 76557 | SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9488 / 9491 / 9493) | Nessus | SuSE Local Security Checks | critical |
| 76342 | openSUSE Security Update : kernel (openSUSE-SU-2014:0856-1) | Nessus | SuSE Local Security Checks | high |
| 76295 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2260-1) | Nessus | Ubuntu Local Security Checks | high |
| 76228 | openSUSE Security Update : kernel (openSUSE-SU-2014:0840-1) | Nessus | SuSE Local Security Checks | high |
| 74513 | Mandriva Linux Security Advisory : kernel (MDVSA-2014:124) | Nessus | Mandriva Local Security Checks | critical |
| 74215 | Ubuntu 13.10 : linux vulnerabilities (USN-2228-1) | Nessus | Ubuntu Local Security Checks | critical |
| 74214 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-2226-1) | Nessus | Ubuntu Local Security Checks | high |
| 74213 | Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2225-1) | Nessus | Ubuntu Local Security Checks | critical |
| 74212 | Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2224-1) | Nessus | Ubuntu Local Security Checks | critical |
| 74211 | Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2223-1) | Nessus | Ubuntu Local Security Checks | critical |
| 74184 | Ubuntu 12.04 LTS : linux vulnerabilities (USN-2221-1) | Nessus | Ubuntu Local Security Checks | critical |
| 74101 | Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3034) | Nessus | Oracle Linux Local Security Checks | critical |
| 73971 | Debian DSA-2926-1 : linux - security update | Nessus | Debian Local Security Checks | high |
| 73872 | Fedora 19 : kernel-3.13.11-100.fc19 (2014-5609) | Nessus | Fedora Local Security Checks | medium |
| 73628 | Fedora 20 : kernel-3.13.10-200.fc20 (2014-5235) | Nessus | Fedora Local Security Checks | medium |
| 73607 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3019) | Nessus | Oracle Linux Local Security Checks | medium |
| 73606 | Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3018) | Nessus | Oracle Linux Local Security Checks | medium |