CVE-2014-2568
kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied
Public Exploits: 1
Exploited in Wild: -
Descriptions
Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.
SSVC
- Decision: -
Timeline
- 2014-03-20 CVE Reserved
- 2014-03-24 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
References (9)
URL | Tag | Source |
---|---|---|
http://seclists.org/oss-sec/2014/q1/627 | Mailing List | |
http://secunia.com/advisories/59599 | Broken Link | |
http://www.securityfocus.com/bid/66348 | Third Party Advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/91922 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://lkml.org/lkml/2014/3/20/421 | 2024-08-06 | |

URL | Date | SRC |
---|---|---|
http://www.openwall.com/lists/oss-security/2014/03/20/16 | 2019-05-10 | |

URL | Date | SRC |
---|---|---|
http://www.ubuntu.com/usn/USN-2240-1 | 2019-05-10 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1079012 | 2014-06-24 | |
https://access.redhat.com/security/cve/CVE-2014-2568 | 2014-06-24 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | >= 3.0 <= 3.13.6 | - | Affected |
Canonical | Ubuntu Linux | 14.04 | lts | Affected |