Vulnerability Details : CVE-2014-0038
Public exploit exists!
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.
Vulnerability category: Input validation
Threat overview for CVE-2014-0038
Top open port discovered on systems with this issue: 49152
IPs affected by CVE-2014-0038: 158,818
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2014-0038
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 23 %
Metasploit modules for CVE-2014-0038
- Linux Kernel recvmmsg Privilege Escalation
  Disclosure Date: 2014-02-02
  First seen: 2020-04-26
  exploit/linux/local/recvmmsg_priv_esc
  This module attempts to exploit CVE-2014-0038, by sending a recvmmsg system call with a crafted timeout pointer parameter to gain root. This exploit has offsets for 3 Ubuntu 13 kernels: 3.8.0-19-generic (13.04 default); 3.11.0-12-generic (13.10 default);
CVSS scores for CVE-2014-0038
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C | 3.4 | 10.0 | NIST |
CWE ids for CVE-2014-0038
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0038
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:038
  mandriva.com (Third Party Advisory)
- http://secunia.com/advisories/56669
  Sign in (Not Applicable)
- http://www.ubuntu.com/usn/USN-2095-1
  USN-2095-1: Linux kernel (Saucy HWE) vulnerability | Ubuntu security notices (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html
  [security-announce] openSUSE-SU-2014:0205-1: important: kernel to 3.11.1 (Third Party Advisory; VDB Entry)
- http://www.ubuntu.com/usn/USN-2096-1
  USN-2096-1: Linux kernel vulnerability | Ubuntu security notices (Third Party Advisory)
- http://www.exploit-db.com/exploits/31346
  Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.10) - 'CONFIG_X86_X32' Arbitrary Write (2) - Linux local Exploit (Third Party Advisory; VDB Entry)
- https://code.google.com/p/chromium/issues/detail?id=338594
  338594 - exploitable linux kernel (3.4+) write bug in net/compat.c:compat_sys_recvmmsg under CONFIG_X86_X32_ABI - chromium - Monorail (Third Party Advisory)
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.2
  (Third Party Advisory)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2def2ef2ae5f3990aabdbe8a755911902707d268
  (Third Party Advisory; VDB Entry)
- https://bugzilla.redhat.com/show_bug.cgi?id=1060023
  1060023 – (CVE-2014-0038) CVE-2014-0038 Kernel: 3.4+ arbitrary write with CONFIG_X86_X32 (Issue Tracking)
- http://pastebin.com/raw.php?i=DH3Lbg54
  (Exploit)
- https://github.com/torvalds/linux/commit/2def2ef2ae5f3990aabdbe8a755911902707d268
  x86, x32: Correct invalid use of user timespec in the kernel · torvalds/linux@2def2ef · GitHub (Exploit; Patch)
- http://www.openwall.com/lists/oss-security/2014/01/31/2
  oss-security - Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) (Mailing List)
- https://github.com/saelo/cve-2014-0038
  GitHub - saelo/cve-2014-0038: Linux local root exploit for CVE-2014-0038 (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2094-1
  USN-2094-1: Linux kernel (Raring HWE) vulnerability | Ubuntu security notices (Third Party Advisory)
- http://www.exploit-db.com/exploits/31347
  Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10 x64) - 'CONFIG_X86_X32=y' Local Privilege Escalation (3) - Linux_x86-64 local Exploit (Third Party Advisory; VDB Entry)
- https://www.exploit-db.com/exploits/40503/
  Linux Kernel 3.13.1 - 'Recvmmsg' Local Privilege Escalation (Metasploit) - Linux local Exploit (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/65255
  Linux Kernel 'compat_sys_recvmmsg()' Function Local Memory Corruption Vulnerability (Third Party Advisory; VDB Entry)
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html
  [security-announce] openSUSE-SU-2014:0204-1: important: kernel: security (Third Party Advisory; VDB Entry)
Products affected by CVE-2014-0038
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*