Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.4
CVSSv2

CVE-2014-7284

Published: 13/10/2014 Updated: 07/11/2023
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 571
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Subscribe to Linux Kernel

Vulnerability Summary

The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x prior to 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote malicious users to spoof or disrupt IP communication by leveraging the predictability of TCP sequence numbers, TCP and UDP port numbers, and IP ID values.

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel 3.13.1

linux linux kernel 3.13.10

linux linux kernel 3.13.11

linux linux kernel 3.14.3

linux linux kernel 3.14.1

linux linux kernel 3.13.6

linux linux kernel 3.13.4

linux linux kernel 3.13.3

linux linux kernel 3.13.2

linux linux kernel 3.13.5

linux linux kernel 3.13.9

linux linux kernel 3.14.2

linux linux kernel 3.14.4

linux linux kernel 3.13.8

linux linux kernel 3.13.7

Vendor Advisories

Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-lts-trusty vulnerabilities
Several security issues were fixed in the kernel ...
Red Hat: CVE-2014-7284
The net_get_random_once implementation in net/core/utilsc in the Linux kernel 313x and 314x before 3145 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by leveraging the predictability of TCP sequence numb ...

References

CWE-200https://github.com/torvalds/linux/commit/3d4405226d27b3a215e4d03cfa51f536244e5de7https://web.archive.org/web/20141002163852/http://secondlookforensics.com/ngro-linux-kernel-bug/http://www.openwall.com/lists/oss-security/2014/10/01/19http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5https://bugzilla.redhat.com/show_bug.cgi?id=1148788http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d4405226d27b3a215e4d03cfa51f536244e5de7https://nvd.nist.govhttps://usn.ubuntu.com/2290-1/https://access.redhat.com/security/cve/cve-2014-7284
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook