Lucene search

[email protected]CVE-2014-0998

HistoryFeb 02, 2015 - 4:59 p.m.

CVE-2014-0998

2015-02-0216:59:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2014-0998

integer signedness error

freebsd

denial of service

privilege escalation

kernel memory access

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service (crash) and possibly gain privileges via a negative value in a VT_WAITACTIVE ioctl call, which triggers an array index error and out-of-bounds kernel memory access.

Affected configurations

NVD

Node

freebsdfreebsdMatch10.1

CPENameOperatorVersion
freebsd:freebsdfreebsdeq10.1

CPE	Name	Operator	Version
freebsd:freebsd	freebsd	eq	10.1

References

seclists.org/fulldisclosure/2015/Jan/107

www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities

www.securityfocus.com/archive/1/534563/100/0/threaded

www.freebsd.org/security/advisories/FreeBSD-EN-15:01.vt.asc

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2014-0998

debiancve1 threatpost1 zdt1 cvelist1 prion1 nvd1 coresecurity1 packetstorm1 exploitpack1 securityvulns1 exploitdb1