CVE-2014-2673
kernel: powerpc: tm: crash when forking inside a transaction
Descriptions
The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state.
A flaw was found in the way the Linux kernel performed forking inside of a transaction. A local, unprivileged user on a PowerPC system that supports transactional memory could use this flaw to crash the system.
The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that Linux kernel's ptrace subsystem did not properly sanitize the address-space-control bits when the program-status word was being set. On IBM S/390 systems, a local, unprivileged user could use this flaw to set address-space-control bits to the kernel space, and thus gain read and write access to kernel memory. It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process.
SSVC
- Decision:-
Timeline
- 2014-03-30 CVE Reserved
- 2014-04-01 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
References (10)
URL | Tag | Source |
---|---|---|
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=621b5060e823301d0cba4cb52a7ee3491922d291 | X_refsource_confirm | |
http://secunia.com/advisories/57436 | Third Party Advisory | |
http://www.securityfocus.com/bid/66477 | Third Party Advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/92113 | Third Party Advisory | |
URL | Date | SRC |
---|---|---|
http://www.openwall.com/lists/oss-security/2014/03/30/5 | 2023-11-07 | |
https://github.com/torvalds/linux/commit/621b5060e823301d0cba4cb52a7ee3491922d291 | 2023-11-07 | |
URL | Date | SRC |
---|---|---|
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7 | 2023-11-07 | |
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15 | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2014-2673 | 2014-08-06 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1083213 | 2014-08-06 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | < 3.13.7 | - | Affected |