Back to search
CVE-2014-9428
Published: Jan 2, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
FEDORA-2015-0517
vendor-advisory
x_refsource_FEDORA
USN-2515-1
vendor-advisory
x_refsource_UBUNTU
[oss-security] 20141231 Re: CVE Request: Linux: Remote crash via batman-adv module - Linux kernel
mailing-list
x_refsource_MLIST
[netdev] 20141220 Stable fixes for batman-adv
mailing-list
x_refsource_MLIST
USN-2518-1
vendor-advisory
x_refsource_UBUNTU
MDVSA-2015:058
vendor-advisory
x_refsource_MANDRIVA
FEDORA-2015-0515
vendor-advisory
x_refsource_FEDORA
http://bugs.debian.org/774155
x_refsource_CONFIRM
[b.a.t.m.a.n] 20141118 kernel BUG at net/core/skbuff.c:100
mailing-list
x_refsource_MLIST
USN-2517-1
vendor-advisory
x_refsource_UBUNTU
USN-2516-1
vendor-advisory
x_refsource_UBUNTU
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now