CVE-2014-0131Use After Free in Kernel

CWE-416Use After Free14 documents8 sources
Severity
2.9LOWNVD
EPSS
0.1%
top 71.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelOpensuse EvergreenSuse Linux Enterprise Server
Timeline
PublishedMar 24
Latest updateMay 14

Description

Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.

CVSS vector

AV:A/AC:M/C:P/I:N/A:NExploitability: 5.5 | Impact: 2.9

Affected Packages4 packages

Debianlinux/linux_kernel< 3.13.6-1+3
NVDlinux/linux_kernel3.03.13.6

Patches

Patch: www.spinics.netPatch: github.comPatch: www.spinics.net

🔴Vulnerability Details

3
GHSA
GHSA-69px-r2hq-hmw3: Use-after-free vulnerability in the skb_segment function in net/core/skbuff2022-05-14
CVEList
CVE-2014-0131: Use-after-free vulnerability in the skb_segment function in net/core/skbuff2014-03-24
OSV
CVE-2014-0131: Use-after-free vulnerability in the skb_segment function in net/core/skbuff2014-03-24

📋Vendor Advisories

8
Ubuntu
Linux kernel (Quantal HWE) vulnerabilities2014-07-17
Ubuntu
Linux kernel (Raring HWE) vulnerabilities2014-07-17
Ubuntu
Linux kernel vulnerabilities2014-07-17
Ubuntu
Linux kernel (Saucy HWE) vulnerabilities2014-07-17
Ubuntu
Linux kernel vulnerabilities2014-07-16

💬Community

2
Bugzilla
CVE-2014-0131 kernel: net: use-after-free during segmentation with zerocopy [fedora-all]2014-03-20
Bugzilla
CVE-2014-0131 kernel: net: use-after-free during segmentation with zerocopy2014-03-10
CVE-2014-0131 — Use After Free in Linux Kernel | cvebase