CVE-2014-3631
published 2014-09-28

Priority: P429 high
CVSS 2.0: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 0.96% (57.2th percentile)
The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.

Affected

8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 3.16.3-1 (bookworm) | linux 3.16.3-1 (bookworm) |
| linux | linux_kernel | >= 0 < 3.16.3-1 | 3.16.3-1 |
| linux | linux_kernel | >= 0 < 3.16.3-1 | 3.16.3-1 |
| linux | linux_kernel | >= 0 < 3.16.3-1 | 3.16.3-1 |
| linux | linux_kernel | >= 0 < 3.16.3-1 | 3.16.3-1 |
| linux | linux_kernel | >= 0 < 3.13.0-37.64 | 3.13.0-37.64 |
| linux | linux_kernel | >= 3.13 < 3.14.19 | 3.14.19 |
| linux | linux_kernel | >= 3.15 < 3.16.3 | 3.16.3 |

CVSS provenance

nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C
osv | 7.2 | HIGH
vendor_debian | 7.2 | HIGH
vendor_redhat | 7.2 | HIGH
vendor_ubuntu | 6.9 | MEDIUM