CVE-2014-3145 — Out-of-bounds Read in Kernel
Severity
4.9MEDIUMNVD
EPSS
0.1%
top 82.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 11
Latest updateMay 13
Description
The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced.
CVSS vector
AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9
Affected Packages3 packages
Also affects: Debian Linux 7.0, Ubuntu Linux 10.04, 12.04, 13.10
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-j8w5-jmwr-rhqh: The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter↗2022-05-13
OSV▶
CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter↗2014-05-11
CVEList▶
CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter↗2014-05-11
📋Vendor Advisories
12Android▶
CVE-2014-3145: Android Security Bulletin 2017-04-01
CVE: CVE-2014-3145
Severity: HIGH
References: A-34469585
Upstream kernel
[2]↗2017-04-01