PT-2014-5620 · Linux+4 · Linux Kernel+4

Sasha Levin

Published

2014-06-05

Updated

2021-07-15

CVE-2014-3940

CVSS v2.0

4.0

Medium

Vector

AV:L/AC:H/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.14.5

Description The issue allows local users to cause a denial of service, resulting in memory corruption or system crash, by accessing certain memory locations. This can be achieved by triggering a race condition via numa maps read operations during hugepage migration. The problem is related to the fs/proc/task mmu.c and mm/mempolicy.c files.

Recommendations For Linux kernel versions prior to 3.14.5, update to version 3.14.5 or later to resolve the issue. As a temporary workaround, consider restricting access to hugepage migration to minimize the risk of exploitation.

Exploit

Fix

DoS

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

ALT-PU-2014-1765

ALT-PU-2014-2064

CESA-2015_0290

CESA-2015_1272

CVE-2014-3940

RHSA-2014:0913

RHSA-2015:0290

RHSA-2015:1272

RHSA-2015_0290

RHSA-2015_1272

USN-2288-1

USN-2290-1

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Ubuntu

PT-2014-5620 · Linux+4 · Linux Kernel+4

CVE-2014-3940

Weakness Enumeration

Related Identifiers

Affected Products

References · 369