Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2014-3631

Published: 28/09/2014 Updated: 02/02/2024
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Linux

Vulnerability Summary

The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel prior to 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

Vendor Advisories

Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-lts-trusty vulnerabilities
Several security issues were fixed in the kernel ...
Red Hat: CVE-2014-3631
A flaw was found in the way the Linux kernel's keys subsystem handled the termination condition in the associative array garbage collection functionality A local, unprivileged user could use this flaw to crash the system ...

Exploits

Exploit DB: Linux Kernel 3.16.3 - Associative Array Garbage Collection Crash (PoC)
/* ---------------------------------------------------------------------------------------------------- * cve-2014-3631_pocc * * The assoc_array_gc function in the associative-array implementation in lib/assoc_arrayc in the Linux kernel before 3163 * does not properly implement garbage collection, which allows local users to cause a denia ...
Exploit DB: Linux CVE-2014-3631 Proof Of Concept
The assoc_array_gc function in the associative-array implementation in lib/assoc_arrayc in the Linux kernel before 3163 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operation ...

References

NVD-CWE-Otherhttps://github.com/torvalds/linux/commit/95389b08d93d5c06ec63ab49bd732b0069b7c35ehttps://bugzilla.redhat.com/show_bug.cgi?id=1140325http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3http://www.ubuntu.com/usn/USN-2379-1http://www.ubuntu.com/usn/USN-2378-1http://osvdb.org/show/osvdb/111298http://www.exploit-db.com/exploits/36268http://www.securityfocus.com/bid/70095http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95389b08d93d5c06ec63ab49bd732b0069b7c35ehttps://usn.ubuntu.com/2379-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/36268/https://access.redhat.com/security/cve/cve-2014-3631
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377CVE-2024-20859CVE-2023-49606injectarbitrary CVE-2024-33788CVE-2024-30973IDORCVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook