CVE-2014-3940CVE-2014-3940

Affected configuration(s):

cpe:/a:redhat:enterprise_mrg:2.0
cpe:/o:linux:linux_kernel:3.14:-
cpe:/o:linux:linux_kernel:3.14:rc1
cpe:/o:linux:linux_kernel:3.14:rc2
cpe:/o:linux:linux_kernel:3.14:rc3
cpe:/o:linux:linux_kernel:3.14:rc4
cpe:/o:linux:linux_kernel:3.14:rc5
cpe:/o:linux:linux_kernel:3.14:rc6
cpe:/o:linux:linux_kernel:3.14:rc7
cpe:/o:linux:linux_kernel:3.14:rc8
cpe:/o:linux:linux_kernel:3.14.1
cpe:/o:linux:linux_kernel:3.14.2
cpe:/o:linux:linux_kernel:3.14.3
cpe:/o:linux:linux_kernel:3.14.4
cpe:/o:linux:linux_kernel:3.14.5
cpe:/o:redhat:enterprise_linux:6

Date published: 2014-06-05T13:55:07.573-04:00

Date last modified: 2016-12-23T21:59:02.523-05:00

CVSS Score: 4.0

Principal attack vector: LOCAL

Complexity:  HIGH

Reference URL: http://rhn.redhat.com/errata/RHSA-2015-0290.html

Summary: The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *