CVE-2014-3145

medium

Description

The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced.
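The reversed subtraction described above, modelled as an added example (this is not kernel code and does not come from this page). The function names, the unsigned 32-bit operands, the 16-bit attribute length and the 4-byte attribute header are assumptions made for illustration, and the input values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ATTR_HDR 4u /* assumed size of a netlink attribute header */

/* Shared pre-check: the header at `off` must lie inside the message. */
static bool hdr_in_bounds(uint32_t msg_len, uint32_t off)
{
    return msg_len >= ATTR_HDR && off <= msg_len - ATTR_HDR;
}

/* Reversed operands: for off < msg_len the unsigned difference wraps to a
 * value near 2^32, so a 16-bit attr_len can never exceed it. */
bool nest_check_reversed(uint32_t msg_len, uint32_t off, uint16_t attr_len)
{
    if (!hdr_in_bounds(msg_len, off))
        return false;
    return !(attr_len > off - msg_len);
}

/* Corrected order: attr_len is compared with the bytes left after off. */
bool nest_check_fixed(uint32_t msg_len, uint32_t off, uint16_t attr_len)
{
    if (!hdr_in_bounds(msg_len, off))
        return false;
    return !(attr_len > msg_len - off);
}

/* Bytes past the end of the message that the claimed attribute would span
 * (caller guarantees off <= msg_len). */
uint32_t overread_bytes(uint32_t msg_len, uint32_t off, uint16_t attr_len)
{
    uint32_t remaining = msg_len - off;
    return attr_len > remaining ? attr_len - remaining : 0;
}

int main(void)
{
    /* Constructed values: 20-byte message, attribute at offset 4. */
    uint32_t msg_len = 20, off = 4;
    uint16_t claimed = 0xFFFF; /* attribute length field taken from input */

    printf("reversed check accepts: %d\n", nest_check_reversed(msg_len, off, claimed));
    printf("fixed check accepts:    %d\n", nest_check_fixed(msg_len, off, claimed));
    printf("bytes beyond message:   %u\n", (unsigned)overread_bytes(msg_len, off, claimed));
    return 0;
}
```

With the operands reversed, the length check passes for every in-bounds offset, which is why an oversized attribute length leads to the over-read the description mentions.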

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=05ab8f2647e4221cbdb3856dd7d32bd5407316b3

http://linux.oracle.com/errata/ELSA-2014-3052.html

http://secunia.com/advisories/58990

http://secunia.com/advisories/59311

http://secunia.com/advisories/59597

http://secunia.com/advisories/60613

http://www.debian.org/security/2014/dsa-2949

http://www.openwall.com/lists/oss-security/2014/05/09/6

http://www.securityfocus.com/bid/67321

http://www.securitytracker.com/id/1038201

http://www.ubuntu.com/usn/USN-2251-1

http://www.ubuntu.com/usn/USN-2252-1

http://www.ubuntu.com/usn/USN-2259-1

http://www.ubuntu.com/usn/USN-2261-1

http://www.ubuntu.com/usn/USN-2262-1

http://www.ubuntu.com/usn/USN-2263-1

http://www.ubuntu.com/usn/USN-2264-1

https://github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3

https://source.android.com/security/bulletin/2017-04-01

Details

Source: MITRE

Published: 2014-05-11

Updated: 2020-08-19

Type: CWE-125

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 124810 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1486) | Nessus | Huawei Local Security Checks | high |
| 124803 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1479) | Nessus | Huawei Local Security Checks | critical |
| 99163 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW) | Nessus | OracleVM Local Security Checks | critical |
| 83842 | FreeBSD : cURL -- multiple vulnerabilities (6294f75f-03f2-11e5-aab1-d050996490d0) | Nessus | FreeBSD Local Security Checks | medium |
| 83640 | SUSE SLES11 Security Update : kernel (SUSE-SU-2014:1138-1) | Nessus | SuSE Local Security Checks | medium |
| 83633 | SUSE SLES11 Security Update : kernel (SUSE-SU-2014:1105-1) | Nessus | SuSE Local Security Checks | high |
| 81800 | Oracle Linux 7 : kernel (ELSA-2015-0290) | Nessus | Oracle Linux Local Security Checks | high |
| 77355 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3070) | Nessus | Oracle Linux Local Security Checks | high |
| 76988 | openSUSE Security Update : kernel (openSUSE-SU-2014:0957-1) | Nessus | SuSE Local Security Checks | medium |
| 76948 | CentOS 6 : kernel (CESA-2014:0981) | Nessus | CentOS Local Security Checks | high |
| 76928 | Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3054) | Nessus | Oracle Linux Local Security Checks | medium |
| 76927 | Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3053) | Nessus | Oracle Linux Local Security Checks | medium |
| 76926 | Oracle Linux 6 / 7 : unbreakable enterprise kernel (ELSA-2014-3052) | Nessus | Oracle Linux Local Security Checks | high |
| 76908 | RHEL 6 : kernel (RHSA-2014:0981) | Nessus | Red Hat Local Security Checks | high |
| 76901 | RHEL 7 : kernel (RHSA-2014:0786) | Nessus | Red Hat Local Security Checks | high |
| 76888 | Oracle Linux 6 : kernel (ELSA-2014-0981) | Nessus | Oracle Linux Local Security Checks | high |
| 76738 | Oracle Linux 7 : kernel (ELSA-2014-0786) | Nessus | Oracle Linux Local Security Checks | high |
| 76696 | RHEL 6 : kernel-rt (RHSA-2014:0913) | Nessus | Red Hat Local Security Checks | high |
| 76569 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-2290-1) | Nessus | Ubuntu Local Security Checks | high |
| 76567 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2288-1) | Nessus | Ubuntu Local Security Checks | high |
| 76565 | Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2286-1) | Nessus | Ubuntu Local Security Checks | high |
| 76557 | SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9488 / 9491 / 9493) | Nessus | SuSE Local Security Checks | critical |
| 76298 | Ubuntu 13.10 : linux vulnerabilities (USN-2264-1) | Nessus | Ubuntu Local Security Checks | medium |
| 76297 | Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2262-1) | Nessus | Ubuntu Local Security Checks | medium |
| 76296 | Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2261-1) | Nessus | Ubuntu Local Security Checks | medium |
| 76294 | Ubuntu 12.04 LTS : linux vulnerabilities (USN-2259-1) | Nessus | Ubuntu Local Security Checks | medium |
| 76228 | openSUSE Security Update : kernel (openSUSE-SU-2014:0840-1) | Nessus | SuSE Local Security Checks | high |
| 76160 | Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2252-1) | Nessus | Ubuntu Local Security Checks | medium |
| 76159 | Ubuntu 10.04 LTS : linux vulnerabilities (USN-2251-1) | Nessus | Ubuntu Local Security Checks | medium |
| 74513 | Mandriva Linux Security Advisory : kernel (MDVSA-2014:124) | Nessus | Mandriva Local Security Checks | critical |
| 74336 | Debian DSA-2949-1 : linux - security update | Nessus | Debian Local Security Checks | high |
| 74132 | Fedora 19 : kernel-3.14.4-100.fc19 (2014-6354) | Nessus | Fedora Local Security Checks | high |
| 74049 | Fedora 20 : kernel-3.14.4-200.fc20 (2014-6357) | Nessus | Fedora Local Security Checks | high |