CVE-2014-3940

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 05-06-2014 07:55

Last modified: - 21-09-2022 08:44

Total changes: - 2

Description

The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:H/Au:N/C:N/I:N/A:C

High

Attack complexity

Local

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

4.0

Base score

1.9

6.9

Exploitability score

Impact score

Verification logic

Reference

[oss-security] 20140602 CVE-2014-3940 - Linux kernel - missing check during hugepage migration-
https://bugzilla.redhat.com/show_bug.cgi?id=1104097
[linux-kernel] 20140318 [PATCH RESEND -mm 1/2] mm: add !pte_present() check on existing hugetlb_entry callbacks-
67786-
59011-
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html
61310-
RHSA-2015:0290-
RHSA-2015:1272-

Keywords

CVE-2014-3940

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2014-3940

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures