| Summary: | Kernel: net: ping: refcount issue in ping_init_sock() function (CVE-2014-2851) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | kernel |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2014-04-26 14:32:49 UTC
CVE-2014-2851 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2851):

Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.

Fix in 3.15 as b04c46190219a4f845e46a459e3102137b7f6cac