CVE-2014-3144

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 3.14.3

Description The issue is related to the BPF S ANC NLATTR and BPF S ANC NLATTR NEST extension implementations in the sk run filter function in net/core/filter.c, which do not check whether a certain length value is sufficiently large. This allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. The affected code was moved to the skb get nlattr and skb get nlattr nest functions before the vulnerability was announced.

Recommendations For Linux kernel versions through 3.14.3, consider updating to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the sk run filter function to minimize the risk of exploitation. Additionally, avoid using the BPF S ANC NLATTR and BPF S ANC NLATTR NEST extensions in BPF instructions until the issue is resolved.

Exploit

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-189

Related Identifiers

ALT-PU-2014-1634

ALT-PU-2014-1820

ALT-PU-2014-2064

BDU:2014-00062

BDU:2014-00064

BDU:2015-04307

BDU:2015-04308

BDU:2015-04309

BDU:2015-04310

CESA-2014_0981

CVE-2014-3144

DLA-0015-1

DSA-2949-1

OPENSUSE-SU-2014_0840-1

OPENSUSE-SU-2014_0957-1

RHSA-2014:0786

RHSA-2014:0913

RHSA-2014:0981

RHSA-2014_0786

RHSA-2014_0981

SUSE-RU-2015:0621-1

SUSE-SU-2015:0481-1

SUSE-SU-2015:0581-1

SUSE-SU-2015:0652-1

SUSE-SU-2015:0736-1

SUSE-SU-2015:1174-1

SUSE-SU-2015:1376-1

USN-2251-1

USN-2252-1

USN-2259-1

USN-2261-1

USN-2262-1

USN-2263-1

USN-2264-1

USN-2286-1

USN-2288-1

USN-2290-1

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

CVE-2014-3144

Weakness Enumeration

Related Identifiers

Affected Products

References · 65