CVE-2014-3144 — Integer Overflow or Wraparound in Kernel
Severity
4.9MEDIUMNVD
EPSS
0.1%
top 82.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 11
Latest updateMay 13
Description
The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced.
CVSS vector
AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9
Affected Packages3 packages
Also affects: Debian Linux 7.0, Ubuntu Linux 10.04, 12.04, 13.10
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-j677-36rf-54pg: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter↗2022-05-13
OSV▶
CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter↗2014-05-11
CVEList▶
CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter↗2014-05-11