CVE-2014-3940

The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:H/Au:N/C:N/I:N/A:C

Exploitability : 1.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2015-0290.html
http://rhn.redhat.com/errata/RHSA-2015-1272.html
http://secunia.com/advisories/59011
http://secunia.com/advisories/61310
http://www.openwall.com/lists/oss-security/2014/06/02/5
http://www.securityfocus.com/bid/67786
https://bugzilla.redhat.com/show_bug.cgi?id=1104097
https://lkml.org/lkml/2014/3/18/784
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html
http://rhn.redhat.com/errata/RHSA-2015-0290.html
http://rhn.redhat.com/errata/RHSA-2015-1272.html
http://secunia.com/advisories/59011
http://secunia.com/advisories/61310
http://www.openwall.com/lists/oss-security/2014/06/02/5
http://www.securityfocus.com/bid/67786
https://bugzilla.redhat.com/show_bug.cgi?id=1104097
https://lkml.org/lkml/2014/3/18/784
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_mrg:2.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:3.14:-::::::
	cpe:2.3:o:linux:linux_kernel:3.14:rc1::::::
	cpe:2.3:o:linux:linux_kernel:3.14:rc2::::::
	cpe:2.3:o:linux:linux_kernel:3.14:rc3::::::
	cpe:2.3:o:linux:linux_kernel:3.14:rc4::::::
	cpe:2.3:o:linux:linux_kernel:3.14:rc5::::::
	cpe:2.3:o:linux:linux_kernel:3.14:rc6::::::
	cpe:2.3:o:linux:linux_kernel:3.14:rc7::::::
	cpe:2.3:o:linux:linux_kernel:3.14:rc8::::::
	cpe:2.3:o:linux:linux_kernel:3.14.1:::::::*
	cpe:2.3:o:linux:linux_kernel:3.14.2:::::::*
	cpe:2.3:o:linux:linux_kernel:3.14.3:::::::*
	cpe:2.3:o:linux:linux_kernel:3.14.4:::::::*

History

21 Nov 2024, 02:09

Type	Values Removed	Values Added
References	~~() http://rhn.redhat.com/errata/RHSA-2015-0290.html -~~	() http://rhn.redhat.com/errata/RHSA-2015-0290.html -
References	~~() http://rhn.redhat.com/errata/RHSA-2015-1272.html -~~	() http://rhn.redhat.com/errata/RHSA-2015-1272.html -
References	~~() http://secunia.com/advisories/59011 -~~	() http://secunia.com/advisories/59011 -
References	~~() http://secunia.com/advisories/61310 -~~	() http://secunia.com/advisories/61310 -
References	~~() http://www.openwall.com/lists/oss-security/2014/06/02/5 -~~	() http://www.openwall.com/lists/oss-security/2014/06/02/5 -
References	~~() http://www.securityfocus.com/bid/67786 -~~	() http://www.securityfocus.com/bid/67786 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=1104097 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=1104097 -
References	~~() https://lkml.org/lkml/2014/3/18/784 -~~	() https://lkml.org/lkml/2014/3/18/784 -
References	~~() https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html -~~	() https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html -

Information

Published : 2014-06-05 17:55

Updated : 2024-11-21 02:09

NVD link : CVE-2014-3940

Mitre link : CVE-2014-3940

CVE.ORG link : CVE-2014-3940

JSON object : View

Products Affected

redhat

enterprise_mrg
enterprise_linux

linux

linux_kernel

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

4.0 /10