Vulnerability Details : CVE-2014-3144
Potential exploit
The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced.
Vulnerability category: Overflow, Denial of service
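The missing minimum-length check described above can be modelled in user space. This is an added example, not kernel source: the function names and the `NLA_HDR` constant (standing in for the size of a netlink attribute header) are assumptions, and the functions only evaluate the bounds check without reading any buffer.

```c
#include <stdint.h>
#include <stdio.h>

/* User-space model only. NLA_HDR is an assumed stand-in for the size of
 * a netlink attribute header (two 16-bit fields). */
#define NLA_HDR 4u

/* Check without a minimum-length test: if len < NLA_HDR, the unsigned
 * subtraction wraps to a huge value and nearly any offset is accepted. */
static int offset_ok_unchecked(uint32_t len, uint32_t off)
{
    if (off > len - NLA_HDR)
        return 0;
    return 1;
}

/* Hardened check: reject messages shorter than one header first, so the
 * subtraction below can no longer underflow. */
static int offset_ok_checked(uint32_t len, uint32_t off)
{
    if (len < NLA_HDR)
        return 0;
    if (off > len - NLA_HDR)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample inputs: {message length, requested offset}. */
    const uint32_t cases[][2] = { {20, 16}, {20, 17}, {4, 0}, {2, 1000} };
    size_t i;

    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        uint32_t len = cases[i][0], off = cases[i][1];
        printf("len=%u off=%u unchecked=%d checked=%d\n",
               (unsigned)len, (unsigned)off,
               offset_ok_unchecked(len, off),
               offset_ok_checked(len, off));
    }
    return 0;
}
```

Only the last case differs between the two functions: a 2-byte message with offset 1000 passes the unchecked test because `len - NLA_HDR` wraps.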
Products affected by CVE-2014-3144
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-3144
- EPSS score: 0.09% (probability of exploitation activity in the next 30 days)
- Percentile: ~24% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-3144
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C | 3.9 | 6.9 | NIST | |
CWE ids for CVE-2014-3144
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3144
- https://github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
  filter: prevent nla extensions to peek beyond the end of the message · torvalds/linux@05ab8f2 · GitHub (Exploit; Patch; Third Party Advisory)
- http://www.debian.org/security/2014/dsa-2949
  Debian -- Security Information -- DSA-2949-1 linux (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2014/05/09/6
  oss-security - Re: CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message (Mailing List; Patch; Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2263-1
  USN-2263-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://secunia.com/advisories/59311
  (Not Applicable)
- http://www.securityfocus.com/bid/67309
  Linux Kernel 'filter.c' CVE-2014-3144 Multiple Local Denial of Service Vulnerabilities (Third Party Advisory; VDB Entry)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=05ab8f2647e4221cbdb3856dd7d32bd5407316b3
- http://linux.oracle.com/errata/ELSA-2014-3052.html
  linux.oracle.com | ELSA-2014-3052 (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2259-1
  USN-2259-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://secunia.com/advisories/60613
  (Not Applicable)
- http://www.ubuntu.com/usn/USN-2252-1
  USN-2252-1: Linux kernel (EC2) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2261-1
  USN-2261-1: Linux kernel (Saucy HWE) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2262-1
  USN-2262-1: Linux kernel (Quantal HWE) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2251-1
  USN-2251-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2264-1
  USN-2264-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)