Vulnerability Details : CVE-2014-3535
Potential exploit
include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface.
Vulnerability category: Memory Corruption, Denial of service
Products affected by CVE-2014-3535
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.35.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.35:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.35.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.35.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.35.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.35.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.35.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.35:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.35:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.35:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.35.9:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.35:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.35.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.35.8:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.35:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.35:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.35.12:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.35.11:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.35.10:*:*:*:*:*:*:*
Threat overview for CVE-2014-3535
- Top open port discovered on systems with this issue: 49152
- IPs affected by CVE-2014-3535: 8,720
- Threat actors abusing this issue? Yes
Powered by attack surface intelligence from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2014-3535
- 0.82%: Probability of exploitation activity in the next 30 days
- ~72%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-3535
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
CWE ids for CVE-2014-3535
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3535
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=256df2f3879efdb2e9808bdb1b54b16fbb11fa38
- http://www.securityfocus.com/bid/69721
  Linux Kernel 'netdevice.h' NULL Pointer Dereference Denial of Service Vulnerability
- https://bugzilla.redhat.com/show_bug.cgi?id=1114540
  1114540 – (CVE-2014-3535) CVE-2014-3535 Kernel: netdevice.h: NULL pointer dereference over VxLAN
- https://github.com/torvalds/linux/commit/256df2f3879efdb2e9808bdb1b54b16fbb11fa38
  netdevice.h net/core/dev.c: Convert netdev_<level> logging macros to … · torvalds/linux@256df2f · GitHub
  Tags: Exploit
- http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.36
  404 Not Found
  Tags: Exploit; Vendor Advisory