Bug 510162 (CVE-2014-3144) - Kernel: filter: prevent nla extensions to peek beyond the end of the message (CVE-2014-3144)
Summary: Kernel: filter: prevent nla extensions to peek beyond the end of the message ...
Status: RESOLVED FIXED
Alias: CVE-2014-3144
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Security
Reported: 2014-05-12 14:36 UTC by Agostino Sarubbo
Modified: 2022-03-25 22:03 UTC
Description Agostino Sarubbo gentoo-dev 2014-05-12 14:36:09 UTC
CVE-2014-3144 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3144):
  The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations 
  in the sk_run_filter function in net/core/filter.c in the Linux kernel 
  through 3.14.3 do not check whether a certain length value is sufficiently 
  large, which allows local users to cause a denial of service (integer underflow 
  and system crash) via crafted BPF instructions. NOTE: the affected code 
  was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before 
  the vulnerability was announced.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2014-08-10 21:54:43 UTC
CVE-2014-3144 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3144):
  The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension
  implementations in the sk_run_filter function in net/core/filter.c in the
  Linux kernel through 3.14.3 do not check whether a certain length value is
  sufficiently large, which allows local users to cause a denial of service
  (integer underflow and system crash) via crafted BPF instructions.  NOTE:
  the affected code was moved to the __skb_get_nlattr and
  __skb_get_nlattr_nest functions before the vulnerability was announced.