CVE-2014-9428

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 02-01-2015 10:59

Last modified: - 20-01-2023 04:02

Total changes: - 3

Description

The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:N/A:C

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

7.8

Base score

10.0

6.9

Exploitability score

Impact score

Verification logic

Reference

http://bugs.debian.org/774155
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5b6698b0e4a37053de35cc24ee695b98a7eb712b
[b.a.t.m.a.n] 20141118 kernel BUG at net/core/skbuff.c:100-Third Party Advisory
[oss-security] 20141231 Re: CVE Request: Linux: Remote crash via batman-adv module - Linux kernel-Mailing List, Third Party Advisory
https://github.com/torvalds/linux/commit/5b6698b0e4a37053de35cc24ee695b98a7eb712b
[netdev] 20141220 Stable fixes for batman-adv-Third Party Advisory
USN-2518-1-Third Party Advisory
USN-2515-1-Third Party Advisory
USN-2516-1-Third Party Advisory
USN-2517-1-Third Party Advisory
MDVSA-2015:058-Broken Link
FEDORA-2015-0517-Mailing List, Third Party Advisory
FEDORA-2015-0515-Mailing List, Third Party Advisory

Keywords

CVE-2014-9428

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2014-9428

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures