CVE-2014-0205

Related Files

Red Hat Security Advisory 2014-1763-01

Posted Oct 30, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1763-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system.

tags | advisory, remote, kernel, local, protocol

systems | linux, redhat

advisories | CVE-2014-0205, CVE-2014-5077

MD5 | ca07233fab2073aabf1d79398b6b0382

Download | Favorite | View

Red Hat Security Advisory 2014-1365-01

Posted Oct 7, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1365-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation. The security impact of this issue was discovered by Mateusz Guzik of Red Hat.

tags | advisory, kernel, local

systems | linux, redhat

advisories | CVE-2014-0205

MD5 | de85b12843c9f44e84c4590dc40e2600

Download | Favorite | View

Red Hat Security Advisory 2014-1167-01

Posted Sep 11, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1167-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation. A NULL pointer dereference flaw was found in the way the Linux kernel's networking implementation handled logging while processing certain invalid packets coming in via a VxLAN interface. A remote attacker could use this flaw to crash the system by sending a specially crafted packet to such an interface.

tags | advisory, remote, kernel, local

systems | linux, redhat

advisories | CVE-2014-0205, CVE-2014-3535, CVE-2014-3917, CVE-2014-4667

MD5 | c415b08deab80e3475be84fad802c015

Download | Favorite | View