PT-2015-4196 · Linux+3 · Linux Kernel+3

Philipp Psurek

·

Publicado

2015-01-02

·

Atualizado

2023-01-20

·

CVE-2014-9428

CVSS v2.0

7.8

Alta

VetorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 3.18.1
Description The issue is related to the batadv frag merge packets function in the B.A.T.M.A.N. implementation, which uses an incorrect length field during a calculation of an amount of memory. This allows remote attackers to cause a denial of service, resulting in a mesh-node system crash via fragmented packets.
Recommendations For Linux kernel versions through 3.18.1, update to a version newer than 3.18.1 to resolve the issue. As a temporary workaround, consider restricting access to the batadv frag merge packets function until a patch is available.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

ALT-PU-2015-1099
ALT-PU-2015-1101
CVE-2014-9428
MGASA-2015-0070
MGASA-2015-0075
MGASA-2015-0076
MGASA-2015-0077
MGASA-2015-0078
OPENSUSE-SU-2015_0713-1
USN-2515-1
USN-2516-1
USN-2516-2
USN-2516-3
USN-2517-1
USN-2518-1

Produtos afetados

Alt Linux
Linux Kernel
Suse
Ubuntu