CVE-2014-0100

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 11-03-2014 02:01

Last modified: - 19-01-2023 05:08

Total changes: - 3

Description

Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system with a heavy CPU load.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:C/I:C/A:C

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

9.3

Base score

8.6

10.0

Exploitability score

Impact score

Verification logic

Reference

[oss-security] 20140304 CVE-2014-0100 -- Linux kernel: net: inet frag code race condition leading to user-after-free-Mailing List, Patch, Third Party Advisory
http://patchwork.ozlabs.org/patch/325844/
https://bugzilla.redhat.com/show_bug.cgi?id=1070618

Keywords

CVE-2014-0100

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2014-0100

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures