CVE-2014-2851
published 2014-04-14
CVE-2014-2851: Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service…
Priority P425 · medium · 6.9 · CVSS 2.0
AV:L/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 0.95% (56.8th percentile)
Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 3.14.4-1 (bookworm) | linux 3.14.4-1 (bookworm) |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 3.14.4-1 | 3.14.4-1 |
| linux | linux_kernel | >= 0 < 3.14.4-1 | 3.14.4-1 |
| linux | linux_kernel | >= 0 < 3.14.4-1 | 3.14.4-1 |
| linux | linux_kernel | >= 0 < 3.14.4-1 | 3.14.4-1 |
| linux | linux_kernel | >= 0 < 3.13.0-27.50 | 3.13.0-27.50 |
| linux | linux_kernel | >= 3.0 < 3.2.60 | 3.2.60 |
| linux | linux_kernel | >= 3.11 < 3.12.19 | 3.12.19 |
| linux | linux_kernel | >= 3.13 < 3.14.5 | 3.14.5 |
| linux | linux_kernel | >= 3.3 < 3.4.92 | 3.4.92 |
| linux | linux_kernel | >= 3.5 < 3.10.41 | 3.10.41 |
CVSS provenance
nvd · v2.0 · 6.9 · MEDIUM · AV:L/AC:M/Au:N/C:C/I:C/A:C
osv · 6.9 · MEDIUM
vendor_debian · 6.9 · LOW
vendor_redhat · 6.9 · MEDIUM
vendor_ubuntu · 5.5 · MEDIUM
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities
vendor_ubuntu·2014-06-27·CVSS 5.5
CVE-2014-0077 [MEDIUM] Linux kernel (Trusty HWE) vulnerabilities
Title: Linux kernel (Trusty HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An
unprivileged user could exploit this flaw to cause a denial of service
(system crash) or potentially gain administrator privileges.
(CVE-2014-0196)
Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An
unprivileged local user could exploit this flaw to cause a denial of
service (system crash) or gain administrative privileges. (CVE-2014-3153)
Matthew Daley reported an information leak in the floppy disk driver of the
Linux kernel. An unprivileged local user could exploit this flaw to obtain
potentially sensitive information from kernel memory. (CVE-2014-1738)
Matthew Daley reported a flaw in
Ubuntu
Linux kernel (Saucy HWE) vulnerabilities
vendor_ubuntu·2014-05-27·CVSS 5.5
CVE-2014-0055 [MEDIUM] Linux kernel (Saucy HWE) vulnerabilities
Title: Linux kernel (Saucy HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Matthew Daley reported an information leak in the floppy disk driver of the
Linux kernel. An unprivileged local user could exploit this flaw to obtain
potentially sensitive information from kernel memory. (CVE-2014-1738)
Matthew Daley reported a flaw in the handling of ioctl commands by the
floppy disk driver in the Linux kernel. An unprivileged local user could
exploit this flaw to gain administrative privileges if the floppy disk
module is loaded. (CVE-2014-1737)
A flaw was discovered in the vhost-net subsystem of the Linux kernel. Guest
OS users could exploit this flaw to cause a denial of service (host OS
crash). (CVE-2014-0055)
A flaw was discovered in the handling of networ
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu·2014-05-27·CVSS 4.9
CVE-2013-4483 [MEDIUM] Linux kernel (OMAP4) vulnerabilities
Title: Linux kernel (OMAP4) vulnerabilities
Summary: Several security issues were fixed in the kernel.
A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An
unprivileged user could exploit this flaw to cause a denial of service
(system crash) or potentially gain administrator privileges.
(CVE-2014-0196)
Matthew Daley reported an information leak in the floppy disk driver of the
Linux kernel. An unprivileged local user could exploit this flaw to obtain
potentially sensitive information from kernel memory. (CVE-2014-1738)
Matthew Daley reported a flaw in the handling of ioctl commands by the
floppy disk driver in the Linux kernel. An unprivileged local user could
exploit this flaw to gain administrative privileges if the floppy disk
module is loaded. (CVE-2014-1737)
A
Ubuntu
Linux kernel (Quantal HWE) vulnerabilities
vendor_ubuntu·2014-05-27·CVSS 4.9
CVE-2013-4483 [MEDIUM] Linux kernel (Quantal HWE) vulnerabilities
Title: Linux kernel (Quantal HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Matthew Daley reported an information leak in the floppy disk driver of the
Linux kernel. An unprivileged local user could exploit this flaw to obtain
potentially sensitive information from kernel memory. (CVE-2014-1738)
Matthew Daley reported a flaw in the handling of ioctl commands by the
floppy disk driver in the Linux kernel. An unprivileged local user could
exploit this flaw to gain administrative privileges if the floppy disk
module is loaded. (CVE-2014-1737)
A flaw was discovered in the Linux kernel's IPC reference counting. An
unprivileged local user could exploit this flaw to cause a denial of
service (OOM system crash). (CVE-2013-4483)
A flaw was discovered in the vho
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2014-05-27·CVSS 5.5
CVE-2014-0055 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Matthew Daley reported an information leak in the floppy disk driver of the
Linux kernel. An unprivileged local user could exploit this flaw to obtain
potentially sensitive information from kernel memory. (CVE-2014-1738)
Matthew Daley reported a flaw in the handling of ioctl commands by the
floppy disk driver in the Linux kernel. An unprivileged local user could
exploit this flaw to gain administrative privileges if the floppy disk
module is loaded. (CVE-2014-1737)
A flaw was discovered in the vhost-net subsystem of the Linux kernel. Guest
OS users could exploit this flaw to cause a denial of service (host OS
crash). (CVE-2014-0055)
A flaw was discovered in the handling of network packets wh
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2014-05-27·CVSS 5.5
CVE-2014-0077 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Matthew Daley reported an information leak in the floppy disk driver of the
Linux kernel. An unprivileged local user could exploit this flaw to obtain
potentially sensitive information from kernel memory. (CVE-2014-1738)
Matthew Daley reported a flaw in the handling of ioctl commands by the
floppy disk driver in the Linux kernel. An unprivileged local user could
exploit this flaw to gain administrative privileges if the floppy disk
module is loaded. (CVE-2014-1737)
A flaw was discovered in the handling of network packets when mergeable
buffers are disabled for virtual machines in the Linux kernel. Guest OS
users may exploit this flaw to cause a denial of service (host OS crash) or
possibly ga
Ubuntu
Linux kernel (Raring HWE) vulnerabilities
vendor_ubuntu·2014-05-27·CVSS 5.5
CVE-2014-0055 [MEDIUM] Linux kernel (Raring HWE) vulnerabilities
Title: Linux kernel (Raring HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Matthew Daley reported an information leak in the floppy disk driver of the
Linux kernel. An unprivileged local user could exploit this flaw to obtain
potentially sensitive information from kernel memory. (CVE-2014-1738)
Matthew Daley reported a flaw in the handling of ioctl commands by the
floppy disk driver in the Linux kernel. An unprivileged local user could
exploit this flaw to gain administrative privileges if the floppy disk
module is loaded. (CVE-2014-1737)
A flaw was discovered in the vhost-net subsystem of the Linux kernel. Guest
OS users could exploit this flaw to cause a denial of service (host OS
crash). (CVE-2014-0055)
A flaw was discovered in the handling of netwo
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2014-05-26·CVSS 4.9
CVE-2013-4483 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Matthew Daley reported an information leak in the floppy disk driver of the
Linux kernel. An unprivileged local user could exploit this flaw to obtain
potentially sensitive information from kernel memory. (CVE-2014-1738)
Matthew Daley reported a flaw in the handling of ioctl commands by the
floppy disk driver in the Linux kernel. An unprivileged local user could
exploit this flaw to gain administrative privileges if the floppy disk
module is loaded. (CVE-2014-1737)
A flaw was discovered in the Linux kernel's IPC reference counting. An
unprivileged local user could exploit this flaw to cause a denial of
service (OOM system crash). (CVE-2013-4483)
Al Viro discovered an error in how CIFS in the
Red Hat
kernel: net: ping: refcount issue in ping_init_sock() function
vendor_redhat·2014-04-11·CVSS 6.9
CVE-2014-2851 [MEDIUM] kernel: net: ping: refcount issue in ping_init_sock() function
Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.
A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
Statement: This issue does not affect Linux kernel packages as shipped with Red Hat Enterprise Linux 5.
Package: kernel (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2014-2851: linux - Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux ...
vendor_debian·2014·CVSS 6.9
CVE-2014-2851 [MEDIUM] CVE-2014-2851: linux - Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux ...
Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.
Scope: local
bookworm: resolved (fixed in 3.14.4-1)
bullseye: resolved (fixed in 3.14.4-1)
forky: resolved (fixed in 3.14.4-1)
sid: resolved (fixed in 3.14.4-1)
trixie: resolved (fixed in 3.14.4-1)
GHSA
GHSA-3mg4-jfgr-m2q6: Integer overflow in the ping_init_sock function in net/ipv4/ping
ghsa_unreviewed·2022-05-13
CVE-2014-2851 [MEDIUM] CWE-416 GHSA-3mg4-jfgr-m2q6: Integer overflow in the ping_init_sock function in net/ipv4/ping
Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.
OSV
linux vulnerabilities
osv·2014-05-27·CVSS 5.5
CVE-2014-1738 [MEDIUM] linux vulnerabilities
Matthew Daley reported an information leak in the floppy disk driver of the
Linux kernel. An unprivileged local user could exploit this flaw to obtain
potentially sensitive information from kernel memory. (CVE-2014-1738)
Matthew Daley reported a flaw in the handling of ioctl commands by the
floppy disk driver in the Linux kernel. An unprivileged local user could
exploit this flaw to gain administrative privileges if the floppy disk
module is loaded. (CVE-2014-1737)
A flaw was discovered in the handling of network packets when mergeable
buffers are disabled for virtual machines in the Linux kernel. Guest OS
users may exploit this flaw to cause a denial of service (host OS crash) or
possibly gain privilege on the host OS. (CVE-2014-0077)
Török Edwin discovered a fla
OSV
CVE-2014-2851: Integer overflow in the ping_init_sock function in net/ipv4/ping
osv·2014-04-14·CVSS 6.9
CVE-2014-2851 [MEDIUM] CVE-2014-2851: Integer overflow in the ping_init_sock function in net/ipv4/ping
Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.
Bugzilla
CVE-2014-2851 kernel: net: ping: refcount issue in ping_init_sock() function [fedora-all]
bugzilla·2014-04-14·CVSS 6.9
CVE-2014-2851 [MEDIUM] CVE-2014-2851 kernel: net: ping: refcount issue in ping_init_sock() function [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: th
Bugzilla
CVE-2014-2851 kernel: net: ping: refcount issue in ping_init_sock() function
bugzilla·2014-04-11·CVSS 6.9
CVE-2014-2851 [MEDIUM] CVE-2014-2851 kernel: net: ping: refcount issue in ping_init_sock() function
A flaw was found in the way the ping_init_sock() function handled the group_info struct reference counter. Since the group_info refcounter is only incremented but never decremented in this codepath, it could lead to a refcounter overflow and possibly to a use-after-free issue later.
An unprivileged local user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
Upstream patch proposal:
https://lkml.org/lkml/2014/4/10/736
Discussion:
Statement:
This issue does not affect Linux kernel packages as shipped with Red Hat Enterprise Linux 5.
---
Upstream commit:
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac
---
Create
arXiv
Towards Linux Kernel Memory Safety
arxiv_fulltext·2017-10-17
Towards Linux Kernel Memory Safety
Elena Reshetova (Intel OTC Finland, Espoo, Finland)
Hans Liljestrand (Aalto University, Espoo, Finland)
Andrew Paverd (Aalto University, Espoo, Finland)
N. Asokan (Aalto University, Espoo, Finland)
CCS concepts: Security and privacy, Operating systems security
Keywords: Linux kernel, memory safety
## Abstract
The security of billions of devices worldwide depends on the security and robustness of the mainline Linux kernel.
However, the increasing number of kernel-specific vulnerabilities, especiall
http://secunia.com/advisories/59386
http://secunia.com/advisories/59599
http://www.debian.org/security/2014/dsa-2926
http://www.openwall.com/lists/oss-security/2014/04/11/4
http://www.securityfocus.com/bid/66779
http://www.securitytracker.com/id/1030769
https://bugzilla.redhat.com/show_bug.cgi?id=1086730
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac
https://lkml.org/lkml/2014/4/10/736