CVE-2014-2851

Published: 14/04/2014 Updated: 15/12/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 695
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel up to and including 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.

Vulnerable Product

linux linux kernel 3.0

linux linux kernel

debian debian linux 7.0

Vendor Advisories

Debian Bug report logs - #747166 CVE-2014-0196: pty layer race condition memory corruption Package: linux; Maintainer for linux is Debian Kernel Team <debian-kernel@lists.debian.org>; Reported by: Henri Salo <henri@nerv.fi> Date: Tue, 6 May 2014 07:00:01 UTC Severity: grave Tags: security Found in versions 3241-2 ...
Debian Bug report logs - #747326 CVE-2014-3122: try_to_unmap_cluster() should lock_page() before mlocking Package: linux; Maintainer for linux is Debian Kernel Team <debian-kernel@lists.debian.org>; Reported by: Henri Salo <henri@nerv.fi> Date: Wed, 7 May 2014 14:48:02 UTC Severity: important Tags: fixed-upstream, p ...
Several security issues were fixed in the kernel ...
A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system ...

Exploits

/*
 * DoS poc for CVE-2014-2851
 * Linux group_info refcounter overflow memory corruption
 *
 * lkml.org/lkml/2014/4/10/736
 *
 * @Tohmaxx - thomaspollet.blogspot.be
 *
 * If the app doesn't crash your system, try a different count (argv[1])
 * Execution takes a while because 2^32 socket() calls
 *
 */
#include <arpa/inet.h>
# ...
Linux group_info refcounter overflow memory corruption denial of service exploit ...

Github Repositories

Linux group_info refcounter overflow use after free

linux This repository holds code to help exploiting CVE-2014-2851: Linux group_info refcounter overflow use after free. ping_of.c calls ping_init_sock() argv[1] times. Doing this in python would make things too slow. ping.py contains code to check if the group_info struct has been freed. The client function does the following: call ping_init_sock() to increase the refcoun