CVE-2014-2523
published 2014-03-24
CVE-2014-2523: net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a…
Priority P351 critical 10 CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
10.38%
95.2th percentile
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | linux | < linux 3.13.10-1 (bookworm) | linux 3.13.10-1 (bookworm) |
| linux | linux_kernel | < 3.2.57 | 3.2.57 |
| linux | linux_kernel | >= 0 < 3.13.10-1 | 3.13.10-1 |
| linux | linux_kernel | >= 0 < 3.13.10-1 | 3.13.10-1 |
| linux | linux_kernel | >= 0 < 3.13.10-1 | 3.13.10-1 |
| linux | linux_kernel | >= 0 < 3.13.10-1 | 3.13.10-1 |
| linux | linux_kernel | >= 3.11 < 3.12.17 | 3.12.17 |
| linux | linux_kernel | >= 3.13.0 < 3.13.9 | 3.13.9 |
| linux | linux_kernel | >= 3.3 < 3.4.86 | 3.4.86 |
| linux | linux_kernel | >= 3.5 < 3.10.36 | 3.10.36 |
CVSS provenance
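| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 10.0 | CRITICAL | |
| vendor_debian | | 10.0 | CRITICAL | |
| vendor_redhat | | 10.0 | CRITICAL | |
| vendor_ubuntu | | 7.8 | HIGH | |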
VulDB
Linux Kernel up to 3.13.6 DCCP Packet nf_conntrack_proto_dccp.c skb_header_pointer input validation (Nessus ID 73241 / ID 167228)
vuldb·2026-05-08·CVSS 10.0
CVE-2014-2523 [CRITICAL] Linux Kernel up to 3.13.6 DCCP Packet nf_conntrack_proto_dccp.c skb_header_pointer input validation (Nessus ID 73241 / ID 167228)
A vulnerability described as critical has been identified in Linux Kernel up to 3.13.6. The impacted element is the function skb_header_pointer of the file netfilter/nf_conntrack_proto_dccp.c of the component DCCP Packet Handler. Such manipulation leads to improper input validation.
This vulnerability is listed as CVE-2014-2523. The attack may be performed remotely. There is no available exploit.
It is advisable to implement a patch to correct this issue.
GHSA
GHSA-563v-66w5-x93f: net/netfilter/nf_conntrack_proto_dccp
ghsa_unreviewed·2022-05-13
CVE-2014-2523 [HIGH] CWE-20 GHSA-563v-66w5-x93f: net/netfilter/nf_conntrack_proto_dccp
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
OSV
CVE-2014-2523: net/netfilter/nf_conntrack_proto_dccp
osv·2014-03-24·CVSS 10.0
CVE-2014-2523 [CRITICAL] CVE-2014-2523: net/netfilter/nf_conntrack_proto_dccp
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
Ubuntu
Linux kernel (Saucy HWE) vulnerabilities
vendor_ubuntu·2014-05-27·CVSS 5.5
CVE-2014-0055 [MEDIUM] Linux kernel (Saucy HWE) vulnerabilities
Title: Linux kernel (Saucy HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Matthew Daley reported an information leak in the floppy disk driver of the
Linux kernel. An unprivileged local user could exploit this flaw to obtain
potentially sensitive information from kernel memory. (CVE-2014-1738)
Matthew Daley reported a flaw in the handling of ioctl commands by the
floppy disk driver in the Linux kernel. An unprivileged local user could
exploit this flaw to gain administrative privileges if the floppy disk
module is loaded. (CVE-2014-1737)
A flaw was discovered in the vhost-net subsystem of the Linux kernel. Guest
OS users could exploit this flaw to cause a denial of service (host OS
crash). (CVE-2014-0055)
A flaw was discovered in the handling of networ
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu·2014-05-27·CVSS 4.9
CVE-2013-4483 [MEDIUM] Linux kernel (OMAP4) vulnerabilities
Title: Linux kernel (OMAP4) vulnerabilities
Summary: Several security issues were fixed in the kernel.
A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An
unprivileged user could exploit this flaw to cause a denial of service
(system crash) or potentially gain administrator privileges.
(CVE-2014-0196)
Matthew Daley reported an information leak in the floppy disk driver of the
Linux kernel. An unprivileged local user could exploit this flaw to obtain
potentially sensitive information from kernel memory. (CVE-2014-1738)
Matthew Daley reported a flaw in the handling of ioctl commands by the
floppy disk driver in the Linux kernel. An unprivileged local user could
exploit this flaw to gain administrative privileges if the floppy disk
module is loaded. (CVE-2014-1737)
A
Ubuntu
Linux kernel (Quantal HWE) vulnerabilities
vendor_ubuntu·2014-05-27·CVSS 4.9
CVE-2013-4483 [MEDIUM] Linux kernel (Quantal HWE) vulnerabilities
Title: Linux kernel (Quantal HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Matthew Daley reported an information leak in the floppy disk driver of the
Linux kernel. An unprivileged local user could exploit this flaw to obtain
potentially sensitive information from kernel memory. (CVE-2014-1738)
Matthew Daley reported a flaw in the handling of ioctl commands by the
floppy disk driver in the Linux kernel. An unprivileged local user could
exploit this flaw to gain administrative privileges if the floppy disk
module is loaded. (CVE-2014-1737)
A flaw was discovered in the Linux kernel's IPC reference counting. An
unprivileged local user could exploit this flaw to cause a denial of
service (OOM system crash). (CVE-2013-4483)
A flaw was discovered in the vho
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2014-05-27·CVSS 5.5
CVE-2014-0055 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Matthew Daley reported an information leak in the floppy disk driver of the
Linux kernel. An unprivileged local user could exploit this flaw to obtain
potentially sensitive information from kernel memory. (CVE-2014-1738)
Matthew Daley reported a flaw in the handling of ioctl commands by the
floppy disk driver in the Linux kernel. An unprivileged local user could
exploit this flaw to gain administrative privileges if the floppy disk
module is loaded. (CVE-2014-1737)
A flaw was discovered in the vhost-net subsystem of the Linux kernel. Guest
OS users could exploit this flaw to cause a denial of service (host OS
crash). (CVE-2014-0055)
A flaw was discovered in the handling of network packets wh
Ubuntu
Linux kernel (Raring HWE) vulnerabilities
vendor_ubuntu·2014-05-27·CVSS 5.5
CVE-2014-0055 [MEDIUM] Linux kernel (Raring HWE) vulnerabilities
Title: Linux kernel (Raring HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Matthew Daley reported an information leak in the floppy disk driver of the
Linux kernel. An unprivileged local user could exploit this flaw to obtain
potentially sensitive information from kernel memory. (CVE-2014-1738)
Matthew Daley reported a flaw in the handling of ioctl commands by the
floppy disk driver in the Linux kernel. An unprivileged local user could
exploit this flaw to gain administrative privileges if the floppy disk
module is loaded. (CVE-2014-1737)
A flaw was discovered in the vhost-net subsystem of the Linux kernel. Guest
OS users could exploit this flaw to cause a denial of service (host OS
crash). (CVE-2014-0055)
A flaw was discovered in the handling of netwo
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2014-05-26·CVSS 4.9
CVE-2013-4483 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Matthew Daley reported an information leak in the floppy disk driver of the
Linux kernel. An unprivileged local user could exploit this flaw to obtain
potentially sensitive information from kernel memory. (CVE-2014-1738)
Matthew Daley reported a flaw in the handling of ioctl commands by the
floppy disk driver in the Linux kernel. An unprivileged local user could
exploit this flaw to gain administrative privileges if the floppy disk
module is loaded. (CVE-2014-1737)
A flaw was discovered in the Linux kernel's IPC reference counting. An
unprivileged local user could exploit this flaw to cause a denial of
service (OOM system crash). (CVE-2013-4483)
Al Viro discovered an error in how CIFS in the
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2014-04-26·CVSS 7.8
CVE-2014-0101 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
A flaw was discovered in the Linux kernel's handling of the SCTP handshake. A
remote attacker could exploit this flaw to cause a denial of service
(system crash). (CVE-2014-0101)
An error was discovered in the Linux kernel's DCCP protocol support. A
remote attacker could exploit this flaw to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2014-2523)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installe
Ubuntu
Linux kernel (EC2) vulnerabilities
vendor_ubuntu·2014-04-26·CVSS 7.8
CVE-2014-0101 [HIGH] Linux kernel (EC2) vulnerabilities
Title: Linux kernel (EC2) vulnerabilities
Summary: Several security issues were fixed in the kernel.
A flaw was discovered in the Linux kernel's handling of the SCTP handshake. A
remote attacker could exploit this flaw to cause a denial of service
(system crash). (CVE-2014-0101)
An error was discovered in the Linux kernel's DCCP protocol support. A
remote attacker could exploit this flaw to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2014-2523)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have in
Red Hat
kernel: netfilter: nf_conntrack_dccp: incorrect skb_header_pointer API usages
vendor_redhat·2014-01-06·CVSS 10.0
CVE-2014-2523 [CRITICAL] kernel: netfilter: nf_conntrack_dccp: incorrect skb_header_pointer API usages
kernel: netfilter: nf_conntrack_dccp: incorrect skb_header_pointer API usages
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
Statement: This issue does not affect the versions of the kernel package as shipped with
Red Hat Enterprise Linux 5.
Package: kernel (Red Hat Enterprise Linux 5) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2014-2523: linux - net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses ...
vendor_debian·2014·CVSS 10.0
CVE-2014-2523 [CRITICAL] CVE-2014-2523: linux - net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses ...
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
Scope: local
bookworm: resolved (fixed in 3.13.10-1)
bullseye: resolved (fixed in 3.13.10-1)
forky: resolved (fixed in 3.13.10-1)
sid: resolved (fixed in 3.13.10-1)
trixie: resolved (fixed in 3.13.10-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-2523 kernel: netfilter: nf_conntrack_dccp: incorrect skb_header_pointer API usages [fedora-all]
bugzilla·2014-03-17·CVSS 10.0
CVE-2014-2523 [CRITICAL] CVE-2014-2523 kernel: netfilter: nf_conntrack_dccp: incorrect skb_header_pointer API usages [fedora-all]
CVE-2014-2523 kernel: netfilter: nf_conntrack_dccp: incorrect skb_header_pointer API usages [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Bugzilla
CVE-2014-2523 kernel: netfilter: nf_conntrack_dccp: incorrect skb_header_pointer API usages
bugzilla·2014-03-17·CVSS 10.0
CVE-2014-2523 [CRITICAL] CVE-2014-2523 kernel: netfilter: nf_conntrack_dccp: incorrect skb_header_pointer API usages
CVE-2014-2523 kernel: netfilter: nf_conntrack_dccp: incorrect skb_header_pointer API usages
Description of the problem:
Some occurrences in the netfilter tree use skb_header_pointer() in
the following way ...
```c
struct dccp_hdr _dh, *dh;
...
skb_header_pointer(skb, dataoff, sizeof(_dh), &dh);
```
... where dh itself is a pointer that is being passed as the copy
buffer. Instead, we need to use &_dh as the fourth argument so that
we're copying the data into an actual buffer that sits on the stack.
A remote attacker could use this flaw to crash the system or,
potentially, escalate their privileges on the system.
References:
http://www.openwall.com/lists/oss-security/2014/03/17/3
Introduced by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2bc780499aa3
Upstream fix:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92
http://secunia.com/advisories/57446
http://twitter.com/grsecurity/statuses/445496197399461888
http://www.openwall.com/lists/oss-security/2014/03/17/7
http://www.securityfocus.com/bid/66279
http://www.securitytracker.com/id/1029945
http://www.ubuntu.com/usn/USN-2173-1
http://www.ubuntu.com/usn/USN-2174-1
https://bugzilla.redhat.com/show_bug.cgi?id=1077343
https://exchange.xforce.ibmcloud.com/vulnerabilities/91910
https://github.com/torvalds/linux/commit/b22f5126a24b3b2f15448c3f2a254fc10cbc2b92
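The buffer mix-up described in the Bugzilla entry above, as an added userland model (not kernel code and not from the upstream patch): it shows that passing the pointer slot as the copy buffer is harmless while the header is directly addressable, and overwrites adjacent stack data once a copy is needed. `pkt_model`, `hdr_pointer`, `clobbered` and the 12-byte header length are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 12            /* assumed sizeof(struct dccp_hdr) */
#define SLOT sizeof(void *)   /* size of the pointer variable dh */
#define CANARY 0xAA

/* Constructed stand-in for an skb: the first `linear` bytes are directly addressable. */
struct pkt_model { const uint8_t *data; size_t len, linear; };

/* Same contract as skb_header_pointer(): return a pointer into the packet when
 * the range is linear, otherwise copy len bytes into buffer and return buffer. */
static void *hdr_pointer(const struct pkt_model *p, size_t off, size_t len, void *buffer)
{
    if (off + len > p->len)
        return NULL;
    if (off + len <= p->linear)
        return (void *)(p->data + off);
    memcpy(buffer, p->data + off, len);
    return buffer;
}

/* Models the caller's stack: frame[0..SLOT) is the pointer variable dh, the
 * rest is adjacent stack data. Returns how many adjacent bytes were changed. */
static size_t clobbered(int fixed, size_t linear)
{
    static const uint8_t wire[HDR_LEN] = {1,2,3,4,5,6,7,8,9,10,11,12}; /* constructed */
    struct pkt_model p = { wire, sizeof(wire), linear };
    uint8_t frame[SLOT + 16], _dh[HDR_LEN];
    size_t i, n = 0;

    memset(frame, CANARY, sizeof(frame));
    /* buggy call: buffer = &dh (the pointer slot); fixed call: buffer = &_dh */
    (void)hdr_pointer(&p, 0, HDR_LEN, fixed ? (void *)_dh : (void *)frame);
    for (i = SLOT; i < sizeof(frame); i++)
        n += frame[i] != CANARY;
    return n;
}

int main(void)
{
    printf("buggy, header linear:     %zu bytes clobbered\n", clobbered(0, HDR_LEN));
    printf("buggy, header non-linear: %zu bytes clobbered\n", clobbered(0, 0));
    printf("fixed, header non-linear: %zu bytes clobbered\n", clobbered(1, 0));
    return 0;
}
```

The first case is why the misuse can pass ordinary testing: the copy buffer is only written when the requested range is not in the linear area.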
2014-03-24
Published