Lucene search

[email protected]CVE-2014-0077

HistoryApr 14, 2014 - 11:55 p.m.

CVE-2014-0077

2014-04-1423:55:07

CWE-787

[email protected]

web.nvd.nist.gov

linux kernel

cve-2014-0077

denial of service

memory corruption

privilege escalation

nvd

security vulnerability

5.5 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:A/AC:H/Au:S/C:P/I:P/A:C

6.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.9%

JSON

drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.

Affected configurations

NVD

Node

linuxlinux_kernelRange<3.13.10

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt3.13.10

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	3.13.10

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d8316f3991d207fe32881a9ac20241be8fa2bad0

secunia.com/advisories/59386

secunia.com/advisories/59599

www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10

www.securityfocus.com/bid/66678

bugzilla.redhat.com/show_bug.cgi?id=1064440

github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0

5.5 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:A/AC:H/Au:S/C:P/I:P/A:C

6.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.9%

JSON

Related for CVE-2014-0077

seebug1 nvd1 debiancve1 ubuntucve1 prion1 cvelist1 oraclelinux4 openvas83 nessus29 redhat4 centos1 mageia10 amazon1 altlinux1 ubuntu8 suse7 securityvulns1 fedora39