PT-2013-6320 · Linux+5 · Linux Kernel+5

Published: 1970-01-01 · Updated: 2023-12-15 · CVE-2014-2851

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 3.14.1

Description

The issue is an integer overflow in the ping_init_sock function in net/ipv4/ping.c of the Linux kernel, which allows local users to cause a denial of service or possibly gain privileges via a crafted application. The vulnerability can be exploited remotely and may lead to disruption of confidentiality, integrity, and availability of protected information.

Recommendations

For Linux kernel versions prior to 3.14.1, update to version 3.14.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the ping_init_sock function until a patch is available.

Exploit

Fix

DoS

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2014-1602
ALT-PU-2014-1820
ALT-PU-2014-2064
BDU:2014-00335
BDU:2015-04307
BDU:2015-04308
BDU:2015-04309
BDU:2015-04310
CESA-2014_0981
CVE-2014-2851
DSA-2926-1
MGASA-2014-0206
MGASA-2014-0208
MGASA-2014-0228
MGASA-2014-0229
MGASA-2014-0234
MGASA-2014-0235
MGASA-2014-0236
MGASA-2014-0237
MGASA-2014-0238
OPENSUSE-SU-2014_0840-1
OPENSUSE-SU-2014_0856-1
RHSA-2014:0557
RHSA-2014:0786
RHSA-2014:0981
RHSA-2014:1101
RHSA-2014_0786
RHSA-2014_0981
SUSE-RU-2015:0621-1
SUSE-SU-2015:0481-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
USN-2221-1
USN-2223-1
USN-2224-1
USN-2225-1
USN-2226-1
USN-2227-1
USN-2228-1
USN-2260-1

Affected Products

ALT Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu