Linux » Linux Kernel : Security Vulnerabilities, CVEs, Published In March 2014 (Memory corruption)
Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.
Max CVSS
2.9
EPSS Score
0.09%
Published
2014-03-24
Updated
2019-05-10
Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.
Max CVSS
2.9
EPSS Score
0.14%
Published
2014-03-24
Updated
2023-02-13
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
Max CVSS
7.8
EPSS Score
91.79%
Published
2014-03-11
Updated
2023-02-13
Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system with a heavy CPU load.
Max CVSS
9.3
EPSS Score
0.56%
Published
2014-03-11
Updated
2023-01-19
The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.
Max CVSS
4.7
EPSS Score
0.04%
Published
2014-03-24
Updated
2020-08-28
5 vulnerabilities found