CVE-2014-0102

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 11-03-2014 02:01

Last modified: - 21-09-2022 08:44

Total changes: - 2

Description

The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands.

Common Vulnerability Scoring System (CVSS)

AV:A/AC:M/Au:S/C:N/I:N/A:C

Low

Attack complexity

Adjacent

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

5.2

Base score

4.4

6.9

Exploitability score

Impact score

Verification logic

Reference

[oss-security] 20140304 CVE-2014-0102 -- Linux kernel: security: keyring cycle detector DoS-Mailing List, Patch, Third Party Advisory
[linux-kernel] 20140227 kernel BUG at security/keys/keyring.c:1003!-Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1072419
http://www.kernelhub.org/?msg=425013&p=2

Keywords

CVE-2014-0102

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2014-0102

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures