CVE-2014-0205

Related Files

Red Hat Security Advisory 2014-1763-01

Posted Oct 30, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1763-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system.

tags | advisory, remote, kernel, local, protocol

systems | linux, redhat

advisories | CVE-2014-0205, CVE-2014-5077

SHA-256 | d11690383c89e9c75a248988ea658d63fe0dc12f7c3772b59090ce8623debdc3

Download | Favorite | View

Red Hat Security Advisory 2014-1365-01

Posted Oct 7, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1365-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation. The security impact of this issue was discovered by Mateusz Guzik of Red Hat.

tags | advisory, kernel, local

systems | linux, redhat

advisories | CVE-2014-0205

SHA-256 | c2343d25910ceefcf059ad29ff2592f9a1401573dd5fe81e74fefd23855846c1

Download | Favorite | View

Red Hat Security Advisory 2014-1167-01

Posted Sep 11, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1167-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation. A NULL pointer dereference flaw was found in the way the Linux kernel's networking implementation handled logging while processing certain invalid packets coming in via a VxLAN interface. A remote attacker could use this flaw to crash the system by sending a specially crafted packet to such an interface.

tags | advisory, remote, kernel, local

systems | linux, redhat

advisories | CVE-2014-0205, CVE-2014-3535, CVE-2014-3917, CVE-2014-4667

SHA-256 | f4cef6046c510265613db29bd8c542c592cf332bb9e20ce25867d4caa0282acd

Download | Favorite | View