Published: 14/04/2014 Updated: 13/02/2023

CVSS v2 Base Score: 5.5 | Impact Score: 8.5 | Exploitability Score: 2.5

VMScore: 490

Vector: AV:A/AC:H/Au:S/C:P/I:P/A:C

drivers/vhost/net.c in the Linux kernel prior to 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

The ip6_route_add function in net/ipv6/routec in the Linux kernel through 3136 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets drivers/vhost/netc in the Linux kernel before 31310, when mergeable buffers are disab ...

Several security issues were fixed in the kernel ...

CWE-787 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10 https://bugzilla.redhat.com/show_bug.cgi?id=1064440 https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0 http://secunia.com/advisories/59599 http://secunia.com/advisories/59386 http://www.securityfocus.com/bid/66678 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d8316f3991d207fe32881a9ac20241be8fa2bad0 https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2014-328.html https://usn.ubuntu.com/2225-1/

CVE-2014-0077

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect