Vulnerability Details : CVE-2014-2851
Potential exploit
Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.
Vulnerability category: Overflow, Memory Corruption, Denial of service
Products affected by CVE-2014-2851
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2851
- EPSS score: 0.33% (probability of exploitation activity in the next 30 days)
- Percentile: ~54% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-2851
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C | 3.4 | 10.0 | NIST | |
CWE ids for CVE-2014-2851
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2851
- http://secunia.com/advisories/59386
  Sign in (Broken Link)
- https://bugzilla.redhat.com/show_bug.cgi?id=1086730
  1086730 – (CVE-2014-2851) CVE-2014-2851 kernel: net: ping: refcount issue in ping_init_sock() function (Issue Tracking; Patch; Third Party Advisory)
- http://www.securitytracker.com/id/1030769
  Linux Kernel ping_init_sock() Counter Overflow Lets Local Users Deny Service - SecurityTracker (Third Party Advisory; VDB Entry)
- https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac
  kernel/git/davem/net.git - Netdev Group's networking tree (Exploit; Patch; Vendor Advisory)
- https://lkml.org/lkml/2014/4/10/736
  LKML: "Wang, Xiaoming": [PATCH] net: ipv4: current group_info should be put after using. (Mailing List; Patch; Vendor Advisory)
- http://www.debian.org/security/2014/dsa-2926
  Debian -- Security Information -- DSA-2926-1 linux (Third Party Advisory)
- http://www.securityfocus.com/bid/66779
  Linux Kernel 'ping_init_sock()' Local Privilege Escalation Vulnerability (Third Party Advisory; VDB Entry)
- http://www.openwall.com/lists/oss-security/2014/04/11/4
  oss-security - Re: CVE request -- Linux kernel: net: ping: refcount issue in ping_init_sock() function (Mailing List; Patch; Third Party Advisory)
- http://secunia.com/advisories/59599
  Sign in (Broken Link)