Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-4943: Improper Privilege Management in Kernel

Severity
6.9 MEDIUM | NVD
OSV | 2.1
EPSS: 1.0% (top 22.59%)
CISA KEV: Not in KEV
Exploit: PoC available
Public exploit / PoC exists
Timeline
Published: Jul 19
Latest update: May 13

Description

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.

CVSS vector

AV:L/AC:M/C:C/I:C/A:C
Exploitability: 3.4 | Impact: 10.0

Affected Packages (6 packages)

NVD | linux/linux_kernel | 2.6.23 | 3.2.62 | +5
Debian | linux/linux_kernel | < 3.14.13-1 | +3
Ubuntu | linux/linux_kernel | < 3.13.0-32.57

Also affects: Debian Linux 7.0, Enterprise Linux 6.2

Patches

🔴 Vulnerability Details (4)

GHSA | GHSA-8xp6-4x45-vm77: The PPPoL2TP feature in net/l2tp/l2tp_ppp | 2022-05-13
OSV | CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp | 2014-07-19
CVEList | CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp | 2014-07-19
OSV | linux vulnerabilities | 2014-07-17

💥 Exploits & PoCs (1)

Exploit-DB | Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash (PoC) | 2015-03-04

📋 Vendor Advisories (12)

Ubuntu | Linux kernel (Quantal HWE) vulnerabilities | 2014-07-17
Ubuntu | Linux kernel (Raring HWE) vulnerabilities | 2014-07-17
Ubuntu | Linux kernel vulnerabilities | 2014-07-17
Ubuntu | Linux kernel vulnerabilities | 2014-07-17
Ubuntu | Linux kernel (Trusty HWE) vulnerabilities | 2014-07-17

💬 Community (2)

Bugzilla | CVE-2014-4943 kernel: net: pppol2tp: level handling in pppol2tp_[s,g]etsockopt() [fedora-all] | 2014-07-17
Bugzilla | CVE-2014-4943 kernel: net: pppol2tp: level handling in pppol2tp_[s,g]etsockopt() | 2014-07-14