PT-2014-5620 · Linux+4 · Linux Kernel+4

Sasha Levin

Publicado

2014-06-05

Atualizado

2021-07-15

CVE-2014-3940

CVSS v2.0

4.0

Média

Vetor

AV:L/AC:H/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.14.5

Description The issue allows local users to cause a denial of service, resulting in memory corruption or system crash, by accessing certain memory locations. This can be achieved by triggering a race condition via numa maps read operations during hugepage migration. The problem is related to the fs/proc/task mmu.c and mm/mempolicy.c files.

Recommendations For Linux kernel versions prior to 3.14.5, update to version 3.14.5 or later to resolve the issue. As a temporary workaround, consider restricting access to hugepage migration to minimize the risk of exploitation.

Exploit

Correção

DoS

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

ALT-PU-2014-1765

ALT-PU-2014-2064

CESA-2015_0290

CESA-2015_1272

CVE-2014-3940

RHSA-2014:0913

RHSA-2015:0290

RHSA-2015:1272

RHSA-2015_0290

RHSA-2015_1272

USN-2288-1

USN-2290-1

Produtos afetados

Alt Linux

Centos

Linux Kernel

Red Hat

Ubuntu

PT-2014-5620 · Linux+4 · Linux Kernel+4

CVE-2014-3940

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 369