Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.9
CVSSv2

CVE-2014-1874

Published: 28/02/2014 Updated: 13/02/2023
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
VMScore: 437
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Linux

Vulnerability Summary

The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel prior to 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

suse linux enterprise server 10

canonical ubuntu linux 13.10

canonical ubuntu linux 12.10

canonical ubuntu linux 12.04

canonical ubuntu linux 10.04

Vendor Advisories

Amazon Linux AMI: ALAS-2014-289
The pn_recvmsg function in net/phonet/datagramc in the Linux kernel before 3124 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call The security_contex ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-lts-quantal vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-ti-omap4 vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-ti-omap4 vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-ti-omap4 vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-lts-raring vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-lts-saucy vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-ec2 vulnerabilities
Several security issues were fixed in the kernel ...
Red Hat: CVE-2014-1874
The security_context_to_sid_core function in security/selinux/ss/servicesc in the Linux kernel before 3134 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context ...

References

CWE-20http://www.openwall.com/lists/oss-security/2014/02/07/2https://bugzilla.redhat.com/show_bug.cgi?id=1062356http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.4https://github.com/torvalds/linux/commit/2172fa709ab32ca60e86179dc67d0857be8e2c98http://www.ubuntu.com/usn/USN-2133-1http://www.ubuntu.com/usn/USN-2138-1http://www.ubuntu.com/usn/USN-2134-1http://www.ubuntu.com/usn/USN-2136-1http://www.ubuntu.com/usn/USN-2129-1http://www.ubuntu.com/usn/USN-2128-1http://www.ubuntu.com/usn/USN-2137-1http://www.ubuntu.com/usn/USN-2139-1http://www.ubuntu.com/usn/USN-2141-1http://www.ubuntu.com/usn/USN-2135-1http://www.ubuntu.com/usn/USN-2140-1http://www.securityfocus.com/bid/65459http://secunia.com/advisories/59309http://secunia.com/advisories/59406http://linux.oracle.com/errata/ELSA-2014-0771.htmlhttp://linux.oracle.com/errata/ELSA-2014-3043.htmlhttp://secunia.com/advisories/59262http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.htmlhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2172fa709ab32ca60e86179dc67d0857be8e2c98https://nvd.nist.govhttps://alas.aws.amazon.com/ALAS-2014-289.htmlhttps://usn.ubuntu.com/2128-1/https://access.redhat.com/security/cve/cve-2014-1874
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook