PT-2014-7805 · Linux+4 · Linux Kernel+4

Raphael Geissert · Published 2014-09-19 · Updated 2023-01-18 · CVE-2014-7145

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 3.16.3

Description

The issue allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact. This occurs when the IPC$ share is deleted during resolution of DFS referrals. The SMB2_tcon function in fs/cifs/smb2pdu.c is the vulnerable component.

Recommendations

For Linux kernel versions prior to 3.16.3, update to version 3.16.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the SMB2_tcon function in fs/cifs/smb2pdu.c to minimize the risk of exploitation.

Fix

DoS

Weakness Enumeration

Related Identifiers

ALT-PU-2014-2158
ALT-PU-2014-2159
CESA-2015_0102
CVE-2014-7145
RHSA-2015:0102
RHSA-2015_0102
USN-2394-1
USN-2395-1

Affected Products

ALT Linux
CentOS
Linux Kernel
Red Hat
Ubuntu