CVE-2014-2672 – kernel: ath9k: tid->sched race in ath_tx_aggr_sleep()
https://notcve.org/view.php?id=CVE-2014-2672
Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions.
It was found that a remote attacker could use a race condition flaw in the ath_tx_aggr_sleep() function to crash the system by creating large network traffic on the system's Atheros 9k wireless network adapter.
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=21f8aaee0c62708654988ce092838aa7df4d25d8
• http://secunia.com/advisories/57468
• http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7
• http://www.openwall.com/lists/oss-security/2014/03/30/5
• http://www.securityfocus.com/bid/66492
• https://bugzilla.kernel.org/show_bug.cgi?id=70551
• https://github.com/torvalds/linux/commit/21f8aaee0c62708654988ce092838aa7df4d25d8
• https://www.kernel.org/pub/linux/kernel/v3
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2014-2673 – kernel: powerpc: tm: crash when forking inside a transaction
https://notcve.org/view.php?id=CVE-2014-2673
The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state.
A flaw was found in the way the Linux kernel performed forking inside of a transaction. A local, unprivileged user on a PowerPC system that supports transactional memory could use this flaw to crash the system.
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=621b5060e823301d0cba4cb52a7ee3491922d291
• http://secunia.com/advisories/57436
• http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7
• http://www.openwall.com/lists/oss-security/2014/03/30/5
• http://www.securityfocus.com/bid/66477
• https://exchange.xforce.ibmcloud.com/vulnerabilities/92113
• https://github.com/torvalds/linux/commit/621b5060e823301d0cba4cb52a7ee3491922d291
• https://www.kernel.org/pub/linux/kernel/
• CWE-20: Improper Input Validation
CVE-2014-2568 – kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied
https://notcve.org/view.php?id=CVE-2014-2568
Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.
• http://seclists.org/oss-sec/2014/q1/627
• http://secunia.com/advisories/59599
• http://www.openwall.com/lists/oss-security/2014/03/20/16
• http://www.securityfocus.com/bid/66348
• http://www.ubuntu.com/usn/USN-2240-1
• https://bugzilla.redhat.com/show_bug.cgi?id=1079012
• https://exchange.xforce.ibmcloud.com/vulnerabilities/91922
• https://lkml.org/lkml/2014/3/20/421
• https://access.redhat.com/security/cve/CVE-2014-2568
• CWE-416: Use After Free
CVE-2014-0131
https://notcve.org/view.php?id=CVE-2014-0131
Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1fd819ecb90cc9b822cd84d3056ddba315d3340f
• http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
• http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
• http://www.openwall.com/lists/oss-security/2014/03/10/4
• http://www.spinics.net/lists/netdev/msg274250.html
• http://www.spinics.net/lists/netdev/msg274316.html
• https://bugzilla.redhat.com/show_bug.cgi?id=1074589
• https://
• CWE-416: Use After Free
CVE-2014-2523 – kernel: netfilter: nf_conntrack_dccp: incorrect skb_header_pointer API usages
https://notcve.org/view.php?id=CVE-2014-2523
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92
• http://secunia.com/advisories/57446
• http://twitter.com/grsecurity/statuses/445496197399461888
• http://www.openwall.com/lists/oss-security/2014/03/17/7
• http://www.securityfocus.com/bid/66279
• http://www.securitytracker.com/id/1029945
• http://www.ubuntu.com/usn/USN-2173-1
• http://www.ubuntu.com/usn/USN-2174-1
• https://bugzilla.redhat.com/show_bug.cgi?id=1077343
• CWE-20: Improper Input Validation