CVE-2014-0038

Published: Feb 6, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2def2ef2ae5f3990aabdbe8a755911902707d268

x_refsource_CONFIRM

USN-2096-1

vendor-advisory

x_refsource_UBUNTU

https://github.com/saelo/cve-2014-0038

x_refsource_MISC

USN-2095-1

vendor-advisory

x_refsource_UBUNTU

http://pastebin.com/raw.php?i=DH3Lbg54

x_refsource_MISC

https://code.google.com/p/chromium/issues/detail?id=338594

x_refsource_MISC

USN-2094-1

vendor-advisory

x_refsource_UBUNTU

MDVSA-2014:038

vendor-advisory

x_refsource_MANDRIVA

56669

third-party-advisory

x_refsource_SECUNIA

65255

vdb-entry

x_refsource_BID

https://github.com/torvalds/linux/commit/2def2ef2ae5f3990aabdbe8a755911902707d268

x_refsource_CONFIRM

40503

exploit

x_refsource_EXPLOIT-DB

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.2

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1060023

x_refsource_CONFIRM

openSUSE-SU-2014:0204

vendor-advisory

x_refsource_SUSE

31347

exploit

x_refsource_EXPLOIT-DB

openSUSE-SU-2014:0205

vendor-advisory

x_refsource_SUSE

31346

exploit

x_refsource_EXPLOIT-DB

[oss-security] 20140131 Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038)

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-0038

Description

Affected Products

References