CVE-2014-1874: Improper Input Validation in Kernel

Severity: 4.9 MEDIUM (NVD)
EPSS: 0.1% (top 77.36%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 28; latest update May 13

Description

The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.

CVSS vector

AV:L/AC:L/C:N/I:N/A:C
Exploitability: 3.9 | Impact: 6.9

Affected Packages (3 packages)

NVD: linux/linux_kernel < 3.13.4
Debian: linux/linux_kernel < 3.13.4-1+3

Also affects: Ubuntu Linux 10.04, 12.04, 12.10, 13.10

🔴 Vulnerability Details (3)

GHSA: GHSA-284f-hr5w-9657: The security_context_to_sid_core function in security/selinux/ss/services (2022-05-13)
OSV: CVE-2014-1874: The security_context_to_sid_core function in security/selinux/ss/services (2014-02-28)
CVEList: CVE-2014-1874: The security_context_to_sid_core function in security/selinux/ss/services (2014-02-28)

📋 Vendor Advisories (13)

Ubuntu: Linux kernel (Saucy HWE) vulnerabilities (2014-03-07)
Ubuntu: Linux kernel (OMAP4) vulnerabilities (2014-03-07)
Ubuntu: Linux kernel (OMAP4) vulnerabilities (2014-03-07)
Ubuntu: Linux kernel (OMAP4) vulnerabilities (2014-03-07)
Ubuntu: Linux kernel vulnerabilities (2014-03-07)

💬 Community (2)

Bugzilla: CVE-2014-1874 Kernel: SELinux: local denial-of-service [fedora-all] (2014-02-07)
Bugzilla: CVE-2014-1874 Kernel: SELinux: local denial-of-service (2014-02-06)