CVE-2014-7145 — NULL Pointer Dereference in Kernel

CWE-399 CWE-476 — NULL Pointer Dereference10 documents8 sources

Severity

7.8HIGHNVD

EPSS

1.2%

top 21.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Canonical Ubuntu Linux Redhat Enterprise Linux Desktop +3 more

Timeline

PublishedSep 28

Latest updateMay 17

Description

The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages6 packages

▶NVDlinux/linux_kernel3.6 — 3.10.55+3

▶Debianlinux/linux_kernel< 3.16.3-1+3

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

▶NVDredhat/enterprise_linux_hpc_node7.0

Also affects: Ubuntu Linux 12.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-pcv5-8q8x-qqfx: The SMB2_tcon function in fs/cifs/smb2pdu↗2022-05-17

▶

OSV

CVE-2014-7145: The SMB2_tcon function in fs/cifs/smb2pdu↗2014-09-28

▶

CVEList

CVE-2014-7145: The SMB2_tcon function in fs/cifs/smb2pdu↗2014-09-28

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2014-10-30

▶

Ubuntu

Linux kernel (Trusty HWE) vulnerabilities↗2014-10-30

▶

Red Hat

Kernel: cifs: NULL pointer dereference in SMB2_tcon↗2014-08-17

▶

Debian

CVE-2014-7145: linux - The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 al...↗2014

▶

💬Community

Bugzilla

CVE-2014-7145 Kernel: cifs: NULL pointer dereference in SMB2_tcon↗2014-09-29

▶

Bugzilla

CVE-2014-7145 Kernel: cifs: NULL pointer dereference in SMB2_tcon [fedora-all]↗2014-09-29

▶