PT-2014-5429 · Linux+4 · Linux Kernel+4
Published: 2014-09-19 · Updated: 2024-02-02
CVE-2014-3631
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 3.16.3
Description
The issue is in the associative-array implementation in the Linux kernel, specifically the assoc_array_gc function, which does not properly implement garbage collection. This allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact. Exploitation involves multiple "keyctl newring" operations followed by a "keyctl timeout" operation.
Recommendations
For Linux kernel versions prior to 3.16.3, update to version 3.16.3 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the keyctl command to minimize the risk of exploitation.
Affected products
ALT Linux
CentOS
Linux Kernel
Red Hat
Ubuntu