CVE-2014-2523

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.13.6 SUSE Linux Enterprise kernel-pae-devel (affected versions not specified) SUSE Linux Enterprise kernel-xen-devel (affected versions not specified) SUSE Linux Enterprise gfs2-kmp-xen (affected versions not specified) SUSE Linux Enterprise kernel-ec2-devel (affected versions not specified)

Description The issue involves multiple vulnerabilities in the Linux kernel and various SUSE Linux Enterprise packages, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, the Linux kernel through version 3.13.6 incorrectly uses a DCCP header pointer in the net/netfilter/nf conntrack proto dccp.c file, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via a DCCP packet that triggers a call to the dccp new, dccp packet, or dccp error function.

Recommendations For Linux kernel versions prior to 3.13.6, update to a version 3.13.6 or later to resolve the issue. For SUSE Linux Enterprise kernel-pae-devel, kernel-xen-devel, gfs2-kmp-xen, and kernel-ec2-devel, at the moment, there is no information about a newer version that contains a fix for this vulnerability.