CVE-2014-2851 — MEDIUM (6.9)

Q: How severe is CVE-2014-2851?

CVE-2014-2851 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-2851?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.

Vulnerability Description

Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.

CVSS Score

6.9

MEDIUM

AV:L/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 3.0, < 3.2.60
Debian	Debian Linux	7.0

Related Weaknesses (CWE)

CWE-416

References

http://secunia.com/advisories/59386Broken Link
http://secunia.com/advisories/59599Broken Link
http://www.debian.org/security/2014/dsa-2926Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/04/11/4Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/66779Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1030769Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1086730Issue TrackingPatchThird Party Advisory
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c461902ExploitPatchVendor Advisory
https://lkml.org/lkml/2014/4/10/736Mailing ListPatchVendor Advisory
http://secunia.com/advisories/59386Broken Link
http://secunia.com/advisories/59599Broken Link
http://www.debian.org/security/2014/dsa-2926Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/04/11/4Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/66779Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1030769Third Party AdvisoryVDB Entry

FAQ

What is CVE-2014-2851?

CVE-2014-2851 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain...

How severe is CVE-2014-2851?

CVE-2014-2851 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-2851?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.