CVE-2014-9529Race Condition in Kernel

CWE-362Race ConditionCWE-416Use After Free26 documents10 sources
Severity
6.9MEDIUMNVD
OSV2.1
EPSS
0.1%
top 70.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Linux KernelCanonical Ubuntu LinuxDebian Linux+8 more
Timeline
PublishedJan 9
Latest updateMay 13

Description

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages7 packages

NVDlinux/linux_kernel3.33.4.107+6
Debianlinux/linux_kernel< 3.16.7-ckt4-1+3
Ubuntulinux/linux_kernel< 3.13.0-46.77+2

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 10.04, 12.04, 14.04, 14.10, Enterprise Linux 6.6, 7.3, 7.4, 7.6, 7.7, 7.1, 7.2, 7.5, Fedora 20, 21

Patches

Patch: www.openwall.comPatch: bugzilla.redhat.comPatch: github.com

🔴Vulnerability Details

9
GHSA
GHSA-wc9w-8x8g-533g: Race condition in the key_gc_unused_keys function in security/keys/gc2022-05-13
OSV
linux vulnerabilities2015-03-04
OSV
linux vulnerability2015-02-28
OSV
linux vulnerabilities2015-02-26
OSV
linux-lts-utopic vulnerabilities2015-02-26

📋Vendor Advisories

14
Android
CVE-2014-9529: Android Security Bulletin 2016-09-01 CVE: CVE-2014-9529 Severity: CRITICAL References: A-29510361 Upstream kernel2016-09-01
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities regression2015-03-04
Ubuntu
Linux kernel vulnerabilities regression2015-03-04
Ubuntu
Linux kernel vulnerability regression2015-02-28
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities2015-02-26

💬Community

2
Bugzilla
CVE-2014-9529 kernel: memory corruption or panic during key garbage collection [fedora-all]2015-01-07
Bugzilla
CVE-2014-9529 kernel: use-after-free during key garbage collection2015-01-07
CVE-2014-9529 — Race Condition in Linux Kernel | cvebase