Published: 10/11/2014 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel prior to 3.13.5 does not properly maintain a certain tail pointer, which allows remote malicious users to obtain sensitive cleartext information by reading packets.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 3.13.1
linux linux kernel 3.13
linux linux kernel 3.13.3
linux linux kernel 3.13.2
linux linux kernel

Several security issues were fixed in the kernel ...

An information leak flaw was found in the Linux kernel's IEEE 80211 wireless networking implementation When software encryption was used, a remote attacker could use this flaw to leak up to 8 bytes of plaintext ...

CWE-200 http://www.securitytracker.com/id/1037968 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html https://github.com/torvalds/linux/commit/338f977f4eb441e69bb9a46eaa0ac715c931a67f http://rhn.redhat.com/errata/RHSA-2015-0290.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.5 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://www.openwall.com/lists/oss-security/2014/11/09/1 https://exchange.xforce.ibmcloud.com/vulnerabilities/98922 http://rhn.redhat.com/errata/RHSA-2015-1272.html http://www.securityfocus.com/bid/70965 https://source.android.com/security/bulletin/2017-03-01.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=338f977f4eb441e69bb9a46eaa0ac715c931a67f https://nvd.nist.gov https://usn.ubuntu.com/2175-1/https://access.redhat.com/security/cve/cve-2014-8709

CVE-2014-8709

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect