CVE-2014-3940

CWE-362 — Race Condition10 documents8 sources

Severity

4.0MEDIUM

EPSS

0.0%

top 87.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Redhat Enterprise Linux Redhat Enterprise MRG

Timeline

PublishedJun 5

Latest updateMay 13

Description

The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c.

CVSS vector

AV:L/AC:H/C:N/I:N/A:CExploitability: 1.9 | Impact: 6.9

Affected Packages3 packages

▶NVDlinux/linux_kernel3.14.5+5

▶Debianlinux< 3.14.7-1+3

▶NVDredhat/enterprise_mrg2.0

Also affects: Enterprise Linux 6.0

🔴Vulnerability Details

GHSA

GHSA-pp3m-vq48-qr56: The Linux kernel through 3↗2022-05-13

▶

OSV

CVE-2014-3940: The Linux kernel through 3↗2014-06-05

▶

CVEList

CVE-2014-3940: The Linux kernel through 3↗2014-06-05

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2014-07-17

▶

Ubuntu

Linux kernel (Trusty HWE) vulnerabilities↗2014-07-17

▶

Red Hat

Kernel: missing check during hugepage migration↗2014-03-18

▶

Debian

CVE-2014-3940: linux - The Linux kernel through 3.14.5 does not properly consider the presence of huget...↗2014

▶

💬Community

Bugzilla

CVE-2014-3940 Kernel: missing check during hugepage migration [fedora-all]↗2014-06-05

▶

Bugzilla

CVE-2014-3940 Kernel: missing check during hugepage migration↗2014-06-03

▶