Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2014-7284
HistoryOct 13, 2014 - 10:55 a.m.

CVE-2014-7284

2014-10-1310:55:08
CWE-200
mitre
web.nvd.nist.gov
41
cve-2014-7284
net_get_random_once
linux kernel
intel processors
ip communication
tcp sequence numbers
udp port numbers
ip id values
nvd
security vulnerability

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

5

Confidence

High

EPSS

0.025

Percentile

90.1%

JSON

The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by leveraging the predictability of TCP sequence numbers, TCP and UDP port numbers, and IP ID values.

Affected configurations

Nvd
Node
linuxlinux_kernelMatch3.13.1
OR
linuxlinux_kernelMatch3.13.2
OR
linuxlinux_kernelMatch3.13.3
OR
linuxlinux_kernelMatch3.13.4
OR
linuxlinux_kernelMatch3.13.5
OR
linuxlinux_kernelMatch3.13.6
OR
linuxlinux_kernelMatch3.13.7
OR
linuxlinux_kernelMatch3.13.8
OR
linuxlinux_kernelMatch3.13.9
OR
linuxlinux_kernelMatch3.13.10
OR
linuxlinux_kernelMatch3.13.11
OR
linuxlinux_kernelMatch3.14.1
OR
linuxlinux_kernelMatch3.14.2
OR
linuxlinux_kernelMatch3.14.3
OR
linuxlinux_kernelMatch3.14.4
VendorProductVersionCPE
linuxlinux_kernel3.13.5cpe:/o:linux:linux_kernel:3.13.5:::
linuxlinux_kernel3.13.7cpe:/o:linux:linux_kernel:3.13.7:::
linuxlinux_kernel3.13.4cpe:/o:linux:linux_kernel:3.13.4:::
linuxlinux_kernel3.14.4cpe:/o:linux:linux_kernel:3.14.4:::
linuxlinux_kernel3.13.3cpe:/o:linux:linux_kernel:3.13.3:::
linuxlinux_kernel3.13.11cpe:/o:linux:linux_kernel:3.13.11:::
linuxlinux_kernel3.14.2cpe:/o:linux:linux_kernel:3.14.2:::
linuxlinux_kernel3.14.3cpe:/o:linux:linux_kernel:3.14.3:::
linuxlinux_kernel3.13.2cpe:/o:linux:linux_kernel:3.13.2:::
linuxlinux_kernel3.14.1cpe:/o:linux:linux_kernel:3.14.1:::
Rows per page:
1-10 of 151

Related

debiancve 1
f5 2
prion 1
cvelist 1
ubuntucve 1
nvd 1
openvas 5
nessus 1
mageia 3
ubuntu 2
debiancve
debiancve
CVE-2014-7284
2014-10-13 10:55:08
f5
f5
K15795 : Linux kernel vulnerability CVE-2014-7284
2014-11-06 00:00:00
SOL15795 - Linux kernel vulnerability CVE-2014-7284
2014-11-06 00:00:00
prion
prion
Design/Logic Flaw
2014-10-13 10:55:00
cvelist
cvelist
CVE-2014-7284
2014-10-13 10:00:00
ubuntucve
ubuntucve
CVE-2014-7284
2014-10-13 00:00:00
nvd
nvd
CVE-2014-7284
2014-10-13 10:55:08
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0455)
2022-01-28 00:00:00
Mageia: Security Advisory (MGASA-2014-0452)
2022-01-28 00:00:00
Mageia: Security Advisory (MGASA-2014-0451)
2022-01-28 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2290-1)
2014-07-17 00:00:00
mageia
mageia
Updated kernel-vserver packages fix security vulnerabilities
2014-11-15 21:31:46
Updated kernel-linus packages fix security vulnerabilities
2014-11-15 21:31:46
Updated kernel-tmb packages fix security vulnerabilities
2014-11-15 21:31:46
ubuntu
ubuntu
Linux kernel (Trusty HWE) vulnerabilities
2014-07-17 00:00:00
Linux kernel vulnerabilities
2014-07-17 00:00:00

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

5

Confidence

High

EPSS

0.025

Percentile

90.1%

JSON
Related for CVE-2014-7284
debiancve1f52prion1cvelist1ubuntucve1nvd1openvas5nessus1mageia3ubuntu2