CVE-2014-2739CVE-2014-2739

Affected configuration(s):

cpe:/o:linux:linux_kernel:3.14:rc1
cpe:/o:linux:linux_kernel:3.14:rc2
cpe:/o:linux:linux_kernel:3.14:rc3
cpe:/o:linux:linux_kernel:3.14:rc4
cpe:/o:linux:linux_kernel:3.14:rc5
cpe:/o:linux:linux_kernel:3.14:rc6
cpe:/o:linux:linux_kernel:3.14:rc7
cpe:/o:linux:linux_kernel:3.14:rc8
cpe:/o:linux:linux_kernel:3.14.1

Date published: 2014-04-14T19:55:07.747-04:00

Date last modified: 2014-04-24T01:06:26.623-04:00

CVSS Score: 4.6

Principal attack vector: ADJACENT_NETWORK

Complexity:  HIGH

Reference URL: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b2853fd6c2d0f383dbdf7427e263eb576a633867

Summary: The cma_req_handler function in drivers/infiniband/core/cma.c in the Linux kernel 3.14.x through 3.14.1 attempts to resolve an RDMA over Converged Ethernet (aka RoCE) address that is properly resolved within a different module, which allows remote attackers to cause a denial of service (incorrect pointer dereference and system crash) via crafted network traffic.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.