CVE-2014-2039

Kernel: s390: crash due to linkage stack instructions

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390 platform does not properly handle attempted use of the linkage stack, which allows local users to cause a denial of service (system crash) by executing a crafted instruction.

arch/s390/kernel/head64.S en el kernel de Linux anterior a 3.13.5 en la plataforma s390 no maneja debidamente intentos de uso de la pila de vinculación, lo que permite a usuarios locales causar una denegación de servicio (caída de sistema) mediante la ejecución de una instrucción manipulada.

The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. Various other issues were also addressed.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-02-19 CVE Reserved
2014-02-28 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (10)

URL	Tag	Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d7f6690cedb83456edd41c9bd583783f0703bf0	X_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-0771.html	Third Party Advisory
http://secunia.com/advisories/59262	Third Party Advisory
http://secunia.com/advisories/59309	Third Party Advisory
http://www.securityfocus.com/bid/65700	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
http://www.openwall.com/lists/oss-security/2014/02/20/14	2023-02-13
https://github.com/torvalds/linux/commit/8d7f6690cedb83456edd41c9bd583783f0703bf0	2023-02-13

URL	Date	SRC
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.5	2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=1067558	2014-06-19
https://access.redhat.com/security/cve/CVE-2014-2039	2014-06-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 3.13.5 Search vendor "Linux" for product "Linux Kernel" and version " < 3.13.5"		-		Affected