Vulnerability Details : CVE-2014-1874
The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2014-1874
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1874
- Probability of exploitation activity in the next 30 days: 0.04%
- Percentile (the proportion of vulnerabilities that are scored at or less): ~8%
CVSS scores for CVE-2014-1874
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C | 3.9 | 6.9 | NIST | |
CWE ids for CVE-2014-1874
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1874
- http://www.securityfocus.com/bid/65459
  Linux Kernel 'security_context_to_sid_core()' Function Local Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- http://www.ubuntu.com/usn/USN-2140-1
  USN-2140-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.4
  (Release Notes; Vendor Advisory)
- https://github.com/torvalds/linux/commit/2172fa709ab32ca60e86179dc67d0857be8e2c98
  SELinux: Fix kernel BUG on empty security contexts. · torvalds/linux@2172fa7 · GitHub (Patch; Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2135-1
  USN-2135-1: Linux kernel (Quantal HWE) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2137-1
  USN-2137-1: Linux kernel (Saucy HWE) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://linux.oracle.com/errata/ELSA-2014-3043.html
  linux.oracle.com | ELSA-2014-3043 (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2014/02/07/2
  oss-security - Re: CVE Request: Linux kernel: SELinux local DoS (Mailing List; Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2129-1
  USN-2129-1: Linux kernel (EC2) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2172fa709ab32ca60e86179dc67d0857be8e2c98
- https://bugzilla.redhat.com/show_bug.cgi?id=1062356
  1062356 – (CVE-2014-1874) CVE-2014-1874 Kernel: SELinux: local denial-of-service (Issue Tracking; Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2128-1
  USN-2128-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://linux.oracle.com/errata/ELSA-2014-0771.html
  linux.oracle.com | ELSA-2014-0771 (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2138-1
  USN-2138-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2134-1
  USN-2134-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2141-1
  USN-2141-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2139-1
  USN-2139-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
  [security-announce] SUSE-SU-2015:0812-1: important: Security update for (Mailing List; Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2133-1
  USN-2133-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2136-1
  USN-2136-1: Linux kernel (Raring HWE) vulnerabilities | Ubuntu security notices (Third Party Advisory)