CVE-2014-2706
Kernel: net: mac80211: crash due to AP powersave TX vs. wakeup race
Public Exploits: 1
Exploited in Wild: -
Descriptions
Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c.
A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake-up code paths. A remote attacker could use this flaw to crash the system.
The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem did not properly sanitize the address-space-control bits when the program-status word was being set. On IBM S/390 systems, a local, unprivileged user could use this flaw to set address-space-control bits to the kernel space, and thus gain read and write access to kernel memory. It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process.
SSVC
- Decision: -
Timeline
- 2014-04-01 CVE Reserved
- 2014-04-14 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
References (14)
URL | Tag | Source |
---|---|---|
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1d147bfa64293b2723c4fec50922168658e613ba | X_refsource_confirm | |
http://linux.oracle.com/errata/ELSA-2014-3052.html | Third Party Advisory | |
http://secunia.com/advisories/60613 | Broken Link | |
http://www.securityfocus.com/bid/66591 | Third Party Advisory | |
http://www.securitytracker.com/id/1038201 | Third Party Advisory | |
https://bugzilla.kernel.org/show_bug.cgi?id=70551#c18 | Issue Tracking | |

URL | Date | SRC |
---|---|---|
https://github.com/torvalds/linux/commit/1d147bfa64293b2723c4fec50922168658e613ba | 2024-08-06 | |

URL | Date | SRC |
---|---|---|
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7 | 2023-11-07 | |
http://www.openwall.com/lists/oss-security/2014/04/01/8 | 2023-11-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1083512 | 2014-08-27 | |
https://source.android.com/security/bulletin/2017-04-01 | 2023-11-07 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | < 3.2.56 | - | Affected |
Linux | Linux Kernel | >= 3.3 < 3.4.84 | - | Affected |
Linux | Linux Kernel | >= 3.5 < 3.10.34 | - | Affected |
Linux | Linux Kernel | >= 3.11 < 3.12.15 | - | Affected |
Linux | Linux Kernel | >= 3.13 < 3.13.7 | - | Affected |
Oracle | Linux | 6 | - | Affected |
Oracle | Linux | 7 | - | Affected |
Suse | Linux Enterprise High Availability Extension | 11 | sp3 | Affected |
Suse | Suse Linux Enterprise Desktop | 11 | sp3 | Affected |
Suse | Suse Linux Enterprise Server | 11 | sp3 | Affected |
Suse | Suse Linux Enterprise Server | 11 | sp3, vmware | Affected |