Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    56 vulnerabilities found for linux_enterprise_high_availability_extension by suse

    CVE-2026-31431 (GCVE-0-2026-31431)

    Vulnerability from nvd – Published: 2026-04-22 08:15 – Updated: 2026-07-01 12:05
    VLAI CISA CIRCL KEVIntel
    Title
    crypto: algif_aead - Revert to operating out-of-place
    Summary
    In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-669 - Incorrect Resource Transfer Between Spheres
    • CWE-1288 - Improper Validation of Consistency within Input
    Assigner
    References
    URL Tags
    https://git.kernel.org/stable/c/893d22e0135fa394d…
    https://git.kernel.org/stable/c/19d43105a97be0810…
    https://git.kernel.org/stable/c/961cfa271a918ad4a…
    https://git.kernel.org/stable/c/3115af9644c342b35…
    https://git.kernel.org/stable/c/8b88d99341f139e23…
    https://git.kernel.org/stable/c/fafe0fa2995a0f707…
    https://git.kernel.org/stable/c/ce42ee423e58dffa5…
    https://git.kernel.org/stable/c/a664bf3d603dc3bdc…
    https://github.com/theori-io/copy-fail-CVE-2026-31431 exploit
    https://xint.io/blog/copy-fail-linux-distribution… mitigation
    https://lore.kernel.org/linux-cve-announce/202604… mitigation
    https://access.redhat.com/security/cve/cve-2026-3… mitigation
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    http://www.openwall.com/lists/oss-security/2026/0…
    https://copy.fail
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/04/30/2
    http://www.openwall.com/lists/oss-security/2026/04/30/5
    http://www.openwall.com/lists/oss-security/2026/04/30/6
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    https://websec.net/blog/cve-2026-31431-linux-algi…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/01/2
    http://www.openwall.com/lists/oss-security/2026/05/01/3
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/02/4
    http://www.openwall.com/lists/oss-security/2026/05/02/5
    http://www.openwall.com/lists/oss-security/2026/05/02/6
    http://www.openwall.com/lists/oss-security/2026/05/02/7
    http://www.openwall.com/lists/oss-security/2026/05/02/8
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/03/3
    http://www.openwall.com/lists/oss-security/2026/05/03/4
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/03/5
    http://www.openwall.com/lists/oss-security/2026/05/03/6
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/04/1
    http://www.openwall.com/lists/oss-security/2026/05/04/2
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/04/8
    http://www.openwall.com/lists/oss-security/2026/05/04/9
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/06/5
    http://www.openwall.com/lists/oss-security/2026/05/07/2
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    https://www.kb.cert.org/vuls/id/260001
    http://www.openwall.com/lists/oss-security/2026/05/18/3
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://access.redhat.com/security/cve/CVE-2026-31431 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2460538 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:14926 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33486 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14097 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14112 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15087 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14773 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13729 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13885 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13727 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13690 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13862 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13811 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13887 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13566 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19074 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13936 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13734 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13932 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14339 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13565 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19225 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13577 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15976 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14165 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14230 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16111 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13681 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16210 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16209 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16208 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16063 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16018 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15978 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13578 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14137 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14301 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 893d22e0135fa394db81df88697fba6032747667 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 19d43105a97be0810edbda875f2cd03f30dc130c (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 961cfa271a918ad4ae452420e7c303149002875b (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 3115af9644c342b356f3f07a4dd1c8905cd9a6fc (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 8b88d99341f139e23bdeb1027a2a3ae10d341d82 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < ce42ee423e58dffa5ec03524054c9d8bfd4f6237 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 (git)
    Create a notification for this product.
    Linux Linux Affected: 4.14
    Unaffected: 0 , < 4.14 (semver)
    Unaffected: 5.10.254 , ≤ 5.10.* (semver)
    Unaffected: 5.15.204 , ≤ 5.15.* (semver)
    Unaffected: 6.1.170 , ≤ 6.1.* (semver)
    Unaffected: 6.6.137 , ≤ 6.6.* (semver)
    Unaffected: 6.12.85 , ≤ 6.12.* (semver)
    Unaffected: 6.18.22 , ≤ 6.18.* (semver)
    Unaffected: 6.19.12 , ≤ 6.19.* (semver)
    Unaffected: 7.0 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Red Hat NVIDIA for RHEL 10     cpe:/a:redhat:enterprise_linux_nvidia:10::el10
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12     cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13     cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14     cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15     cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16     cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17     cpe:/a:redhat:openshift:4.17::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18     cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.19     cpe:/a:redhat:openshift:4.19::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.20     cpe:/a:redhat:openshift:4.20::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.21     cpe:/a:redhat:openshift:4.21::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 8)     cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.4)     cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)     cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.6)     cpe:/o:redhat:rhel_aus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.6)     cpe:/o:redhat:rhel_e4s:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.6)     cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.8)     cpe:/o:redhat:rhel_e4s:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.8)     cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.0)     cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.2)     cpe:/o:redhat:rhel_e4s:9.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.4)     cpe:/o:redhat:rhel_eus:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.6)     cpe:/o:redhat:rhel_eus:9.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 9)     cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux NFV (v. 8)     cpe:/a:redhat:enterprise_linux:8::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux NFV E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV (v. 9)     cpe:/a:redhat:enterprise_linux:9::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux RT (v. 8)     cpe:/a:redhat:enterprise_linux:8::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time (v. 9)     cpe:/a:redhat:enterprise_linux:9::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-31431",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-29T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-05-01",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-669",
                    "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-02T03:55:23.146Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/theori-io/copy-fail-CVE-2026-31431"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://xint.io/blog/copy-fail-linux-distributions#the-fix-6"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2026-31431#cve-details-mitigation"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-01T00:00:00.000Z",
                "value": "CVE-2026-31431 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-18T17:44:54.264Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/23"
              },
              {
                "url": "https://copy.fail"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/25"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/26"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/11"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/18"
              },
              {
                "url": "https://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/20"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/18"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/22"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/23"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/7"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/8"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/18"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/19"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/20"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/21"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/23"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/25"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/13"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/1"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/11"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/13"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/8"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/9"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/27"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/28"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/29"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/31"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/06/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/07/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/07/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/08/13"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/260001"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/18/3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T12:09:03.910Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              }
            ],
            "x_adpType": "supplier"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_nvidia:10::el10"
                ],
                "defaultStatus": "affected",
                "product": "NVIDIA for RHEL 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.12::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.14::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.15::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.18",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.20",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.21::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.21",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.0::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.2::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux NFV (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux NFV E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux RT (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-22T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the Linux kernel\u0027s algif_aead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive system files and escalate to root privileges."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1288",
                    "description": "Improper Validation of Consistency within Input",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:05:08.344Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-31431"
              },
              {
                "name": "RHBZ#2460538",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460538"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31431.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14926"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33486"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14097"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14112"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15087"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14773"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13729"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13885"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13727"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13690"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13862"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13811"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13887"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13566"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19074"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13936"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13734"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13932"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14339"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13565"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19225"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13577"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15976"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14165"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14230"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16111"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13681"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16210"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16209"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16208"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16063"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16018"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15978"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13578"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14137"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14301"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:14926: NVIDIA for RHEL 10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33486: NVIDIA for RHEL 10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14097: Red Hat OpenShift Container Platform 4.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14112: Red Hat OpenShift Container Platform 4.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15087: Red Hat OpenShift Container Platform 4.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14773: Red Hat OpenShift Container Platform 4.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13729: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13885: Red Hat OpenShift Container Platform 4.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13727: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13690: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13862: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13811: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13887: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0), Red Hat Enterprise Linux Real Time EUS (v. 10.0), Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13566: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19074: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13936: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13734: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13932: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4), Red Hat Enterprise Linux Real Time EUS (v.9.4), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14339: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6), Red Hat Enterprise Linux Real Time EUS (v.9.6), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13565: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19225: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13577: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15976: Red Hat Enterprise Linux BaseOS (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14165: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14230: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16111: Red Hat Enterprise Linux BaseOS E4S (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13681: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16210: Red Hat Enterprise Linux BaseOS E4S (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16209: Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16208: Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16063: Red Hat Enterprise Linux BaseOS EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16018: Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15978: Red Hat Enterprise Linux BaseOS (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13578: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14137: Red Hat Enterprise Linux NFV E4S (v.9.0), Red Hat Enterprise Linux Real Time E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14301: Red Hat Enterprise Linux Real Time E4S (v.9.2), Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-22T00:00:00.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-22T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "kernel: crypto: algif_aead - Revert to operating out-of-place",
            "workarounds": [
              {
                "lang": "en",
                "value": "See the security bulletin for a detailed mitigation procedure."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "crypto/af_alg.c",
                "crypto/algif_aead.c",
                "crypto/algif_skcipher.c",
                "include/crypto/if_alg.h"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "893d22e0135fa394db81df88697fba6032747667",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "19d43105a97be0810edbda875f2cd03f30dc130c",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "961cfa271a918ad4ae452420e7c303149002875b",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "3115af9644c342b356f3f07a4dd1c8905cd9a6fc",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "8b88d99341f139e23bdeb1027a2a3ae10d341d82",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "ce42ee423e58dffa5ec03524054c9d8bfd4f6237",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "crypto/af_alg.c",
                "crypto/algif_aead.c",
                "crypto/algif_skcipher.c",
                "include/crypto/if_alg.h"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.14"
                },
                {
                  "lessThan": "4.14",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.254",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.204",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.170",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.137",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.85",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.22",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.19.*",
                  "status": "unaffected",
                  "version": "6.19.12",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.0",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.254",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.204",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.170",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.137",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.85",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.22",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.19.12",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T22:08:34.612Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667"
            },
            {
              "url": "https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c"
            },
            {
              "url": "https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b"
            },
            {
              "url": "https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc"
            },
            {
              "url": "https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82"
            },
            {
              "url": "https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8"
            },
            {
              "url": "https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237"
            },
            {
              "url": "https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5"
            }
          ],
          "title": "crypto: algif_aead - Revert to operating out-of-place",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-31431",
        "datePublished": "2026-04-22T08:15:10.123Z",
        "dateReserved": "2026-03-09T15:48:24.089Z",
        "dateUpdated": "2026-07-01T12:05:08.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2017-18017 (GCVE-0-2017-18017)

    Vulnerability from nvd – Published: 2018-01-03 06:00 – Updated: 2025-01-03 12:04
    VLAI
    Summary
    The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4187 vendor-advisoryx_refsource_DEBIAN
    https://usn.ubuntu.com/3583-2/ vendor-advisoryx_refsource_UBUNTU
    http://patchwork.ozlabs.org/patch/746618/ x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:1737 vendor-advisoryx_refsource_REDHAT
    https://www.kernel.org/pub/linux/kernel/v4.x/Chan… x_refsource_MISC
    https://lkml.org/lkml/2017/4/2/13 x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:1062 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1319 vendor-advisoryx_refsource_REDHAT
    https://help.ecostruxureit.com/display/public/UAD… x_refsource_CONFIRM
    https://usn.ubuntu.com/3583-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:0676 vendor-advisoryx_refsource_REDHAT
    https://bugs.launchpad.net/ubuntu/+source/linux/+… x_refsource_MISC
    https://github.com/torvalds/linux/commit/2638fd0f… x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:1170 vendor-advisoryx_refsource_REDHAT
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:1130 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/102367 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3583-1 vendor-advisoryx_refsource_UBUNTU
    https://support.f5.com/csp/article/K18352029 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3583-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.arista.com/en/support/advisories-noti… x_refsource_MISC
    https://security.netapp.com/advisory/ntap-2025010…
    Date Public
    2018-01-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-01-03T12:04:18.715Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4187",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4187"
              },
              {
                "name": "USN-3583-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3583-2/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://patchwork.ozlabs.org/patch/746618/"
              },
              {
                "name": "RHSA-2018:1737",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1737"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lkml.org/lkml/2017/4/2/13"
              },
              {
                "name": "RHSA-2018:1062",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1062"
              },
              {
                "name": "RHSA-2018:1319",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1319"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
              },
              {
                "name": "USN-3583-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3583-1/"
              },
              {
                "name": "RHSA-2018:0676",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0676"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901"
              },
              {
                "name": "RHSA-2018:1170",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1170"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901"
              },
              {
                "name": "RHSA-2018:1130",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1130"
              },
              {
                "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
              },
              {
                "name": "102367",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102367"
              },
              {
                "name": "SUSE-SU-2018:0834",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
              },
              {
                "name": "SUSE-SU-2018:0848",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html"
              },
              {
                "name": "SUSE-SU-2018:0383",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html"
              },
              {
                "name": "USN-3583-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3583-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K18352029"
              },
              {
                "name": "SUSE-SU-2018:0555",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html"
              },
              {
                "name": "openSUSE-SU-2018:0408",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html"
              },
              {
                "name": "SUSE-SU-2018:0986",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html"
              },
              {
                "name": "SUSE-SU-2018:0416",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html"
              },
              {
                "name": "SUSE-SU-2018:0482",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html"
              },
              {
                "name": "SUSE-SU-2018:0841",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html"
              },
              {
                "name": "USN-3583-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3583-2"
              },
              {
                "name": "SUSE-SU-2018:0660",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20250103-0010/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-01-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-08T11:33:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "DSA-4187",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4187"
            },
            {
              "name": "USN-3583-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3583-2/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://patchwork.ozlabs.org/patch/746618/"
            },
            {
              "name": "RHSA-2018:1737",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1737"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lkml.org/lkml/2017/4/2/13"
            },
            {
              "name": "RHSA-2018:1062",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1062"
            },
            {
              "name": "RHSA-2018:1319",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1319"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "USN-3583-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3583-1/"
            },
            {
              "name": "RHSA-2018:0676",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0676"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901"
            },
            {
              "name": "RHSA-2018:1170",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1170"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901"
            },
            {
              "name": "RHSA-2018:1130",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1130"
            },
            {
              "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
            },
            {
              "name": "102367",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102367"
            },
            {
              "name": "SUSE-SU-2018:0834",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
            },
            {
              "name": "SUSE-SU-2018:0848",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html"
            },
            {
              "name": "SUSE-SU-2018:0383",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html"
            },
            {
              "name": "USN-3583-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3583-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K18352029"
            },
            {
              "name": "SUSE-SU-2018:0555",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html"
            },
            {
              "name": "openSUSE-SU-2018:0408",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html"
            },
            {
              "name": "SUSE-SU-2018:0986",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html"
            },
            {
              "name": "SUSE-SU-2018:0416",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html"
            },
            {
              "name": "SUSE-SU-2018:0482",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html"
            },
            {
              "name": "SUSE-SU-2018:0841",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html"
            },
            {
              "name": "USN-3583-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3583-2"
            },
            {
              "name": "SUSE-SU-2018:0660",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-18017",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4187",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4187"
                },
                {
                  "name": "USN-3583-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3583-2/"
                },
                {
                  "name": "http://patchwork.ozlabs.org/patch/746618/",
                  "refsource": "MISC",
                  "url": "http://patchwork.ozlabs.org/patch/746618/"
                },
                {
                  "name": "RHSA-2018:1737",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1737"
                },
                {
                  "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36",
                  "refsource": "MISC",
                  "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36"
                },
                {
                  "name": "https://lkml.org/lkml/2017/4/2/13",
                  "refsource": "MISC",
                  "url": "https://lkml.org/lkml/2017/4/2/13"
                },
                {
                  "name": "RHSA-2018:1062",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1062"
                },
                {
                  "name": "RHSA-2018:1319",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1319"
                },
                {
                  "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
                  "refsource": "CONFIRM",
                  "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
                },
                {
                  "name": "USN-3583-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3583-1/"
                },
                {
                  "name": "RHSA-2018:0676",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0676"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765",
                  "refsource": "MISC",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901",
                  "refsource": "MISC",
                  "url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901"
                },
                {
                  "name": "RHSA-2018:1170",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1170"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901",
                  "refsource": "MISC",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901"
                },
                {
                  "name": "RHSA-2018:1130",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1130"
                },
                {
                  "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
                },
                {
                  "name": "102367",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102367"
                },
                {
                  "name": "SUSE-SU-2018:0834",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
                },
                {
                  "name": "SUSE-SU-2018:0848",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html"
                },
                {
                  "name": "SUSE-SU-2018:0383",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html"
                },
                {
                  "name": "USN-3583-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3583-1"
                },
                {
                  "name": "https://support.f5.com/csp/article/K18352029",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K18352029"
                },
                {
                  "name": "SUSE-SU-2018:0555",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html"
                },
                {
                  "name": "openSUSE-SU-2018:0408",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html"
                },
                {
                  "name": "SUSE-SU-2018:0986",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html"
                },
                {
                  "name": "SUSE-SU-2018:0416",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html"
                },
                {
                  "name": "SUSE-SU-2018:0482",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html"
                },
                {
                  "name": "SUSE-SU-2018:0841",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html"
                },
                {
                  "name": "USN-3583-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3583-2"
                },
                {
                  "name": "SUSE-SU-2018:0660",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html"
                },
                {
                  "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34",
                  "refsource": "MISC",
                  "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-18017",
        "datePublished": "2018-01-03T06:00:00.000Z",
        "dateReserved": "2018-01-03T00:00:00.000Z",
        "dateUpdated": "2025-01-03T12:04:18.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3281 (GCVE-0-2015-3281)

    Vulnerability from nvd – Published: 2015-07-06 14:55 – Updated: 2024-08-06 05:39
    VLAI
    Summary
    The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-1741.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.haproxy.org/news.html x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2015-2666.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-2668-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=com… x_refsource_CONFIRM
    http://www.debian.org/security/2015/dsa-3301 vendor-advisoryx_refsource_DEBIAN
    http://www.securityfocus.com/bid/75554 vdb-entryx_refsource_BID
    Date Public
    2015-07-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:39:32.116Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:1741",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-1741.html"
              },
              {
                "name": "openSUSE-SU-2015:1831",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00023.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.haproxy.org/news.html"
              },
              {
                "name": "RHSA-2015:2666",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2666.html"
              },
              {
                "name": "USN-2668-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2668-1"
              },
              {
                "name": "SUSE-SU-2015:1663",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=commit%3Bh=7ec765568883b2d4e5a2796adbeb492a22ec9bd4"
              },
              {
                "name": "DSA-3301",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3301"
              },
              {
                "name": "75554",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/75554"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-07-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-23T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:1741",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1741.html"
            },
            {
              "name": "openSUSE-SU-2015:1831",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00023.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.haproxy.org/news.html"
            },
            {
              "name": "RHSA-2015:2666",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2666.html"
            },
            {
              "name": "USN-2668-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2668-1"
            },
            {
              "name": "SUSE-SU-2015:1663",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=commit%3Bh=7ec765568883b2d4e5a2796adbeb492a22ec9bd4"
            },
            {
              "name": "DSA-3301",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3301"
            },
            {
              "name": "75554",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/75554"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-3281",
        "datePublished": "2015-07-06T14:55:00.000Z",
        "dateReserved": "2015-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:39:32.116Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-4027 (GCVE-0-2014-4027)

    Vulnerability from nvd – Published: 2014-06-23 10:00 – Updated: 2024-08-06 11:04
    VLAI
    Summary
    The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/59134 third-party-advisoryx_refsource_SECUNIA
    https://support.f5.com/kb/en-us/solutions/public/… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=1108744 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2335-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2334-1 vendor-advisoryx_refsource_UBUNTU
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/60564 third-party-advisoryx_refsource_SECUNIA
    https://github.com/torvalds/linux/commit/4442dc8a… x_refsource_CONFIRM
    http://secunia.com/advisories/59777 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/61310 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2014/06/11/1 mailing-listx_refsource_MLIST
    http://permalink.gmane.org/gmane.linux.scsi.targe… mailing-listx_refsource_MLIST
    Date Public
    2014-06-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:04:27.539Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2014:1316",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
              },
              {
                "name": "59134",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59134"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108744"
              },
              {
                "name": "USN-2335-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2335-1"
              },
              {
                "name": "USN-2334-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2334-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"
              },
              {
                "name": "SUSE-SU-2014:1319",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
              },
              {
                "name": "60564",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60564"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"
              },
              {
                "name": "59777",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59777"
              },
              {
                "name": "61310",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61310"
              },
              {
                "name": "[oss-security] 20140611 Re: CVE request: Linux kernel / target information leak",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/06/11/1"
              },
              {
                "name": "[target-devel] 20140616 [PATCH] target: Explicitly clear ramdisk_mcp backend pages",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-01-05T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2014:1316",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
            },
            {
              "name": "59134",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59134"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108744"
            },
            {
              "name": "USN-2335-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2335-1"
            },
            {
              "name": "USN-2334-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2334-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"
            },
            {
              "name": "SUSE-SU-2014:1319",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
            },
            {
              "name": "60564",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60564"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"
            },
            {
              "name": "59777",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59777"
            },
            {
              "name": "61310",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61310"
            },
            {
              "name": "[oss-security] 20140611 Re: CVE request: Linux kernel / target information leak",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/06/11/1"
            },
            {
              "name": "[target-devel] 20140616 [PATCH] target: Explicitly clear ramdisk_mcp backend pages",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-4027",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2014:1316",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
                },
                {
                  "name": "59134",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59134"
                },
                {
                  "name": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1108744",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108744"
                },
                {
                  "name": "USN-2335-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2335-1"
                },
                {
                  "name": "USN-2334-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2334-1"
                },
                {
                  "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"
                },
                {
                  "name": "SUSE-SU-2014:1319",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
                },
                {
                  "name": "60564",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60564"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"
                },
                {
                  "name": "59777",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59777"
                },
                {
                  "name": "61310",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61310"
                },
                {
                  "name": "[oss-security] 20140611 Re: CVE request: Linux kernel / target information leak",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/06/11/1"
                },
                {
                  "name": "[target-devel] 20140616 [PATCH] target: Explicitly clear ramdisk_mcp backend pages",
                  "refsource": "MLIST",
                  "url": "http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-4027",
        "datePublished": "2014-06-23T10:00:00.000Z",
        "dateReserved": "2014-06-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:04:27.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-1739 (GCVE-0-2014-1739)

    Vulnerability from nvd – Published: 2014-06-23 10:00 – Updated: 2024-08-06 09:50
    VLAI
    Summary
    The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-06-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:50:11.338Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2263-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2263-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1109774"
              },
              {
                "name": "SUSE-SU-2014:1316",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
              },
              {
                "name": "[oss-security] 20140615 CVE-2014-1739: Kernel Infoleak vulnerability in,media_enum_entities()",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/06/15/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/2017-04-01"
              },
              {
                "name": "USN-2261-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2261-1"
              },
              {
                "name": "USN-2264-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2264-1"
              },
              {
                "name": "68048",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/68048"
              },
              {
                "name": "SUSE-SU-2014:1319",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e6a623460e5fc960ac3ee9f946d3106233fd28d8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.6"
              },
              {
                "name": "USN-2259-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2259-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/e6a623460e5fc960ac3ee9f946d3106233fd28d8"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://speirofr.appspot.com/cve-2014-1739-kernel-infoleak-vulnerability-in-media_enum_entities.html"
              },
              {
                "name": "59597",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59597"
              },
              {
                "name": "1038201",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038201"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-20T19:57:01.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "name": "USN-2263-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2263-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1109774"
            },
            {
              "name": "SUSE-SU-2014:1316",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
            },
            {
              "name": "[oss-security] 20140615 CVE-2014-1739: Kernel Infoleak vulnerability in,media_enum_entities()",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/06/15/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/2017-04-01"
            },
            {
              "name": "USN-2261-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2261-1"
            },
            {
              "name": "USN-2264-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2264-1"
            },
            {
              "name": "68048",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/68048"
            },
            {
              "name": "SUSE-SU-2014:1319",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e6a623460e5fc960ac3ee9f946d3106233fd28d8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.6"
            },
            {
              "name": "USN-2259-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2259-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/e6a623460e5fc960ac3ee9f946d3106233fd28d8"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://speirofr.appspot.com/cve-2014-1739-kernel-infoleak-vulnerability-in-media_enum_entities.html"
            },
            {
              "name": "59597",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59597"
            },
            {
              "name": "1038201",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038201"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2014-1739",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-2263-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2263-1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1109774",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1109774"
                },
                {
                  "name": "SUSE-SU-2014:1316",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
                },
                {
                  "name": "[oss-security] 20140615 CVE-2014-1739: Kernel Infoleak vulnerability in,media_enum_entities()",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/06/15/1"
                },
                {
                  "name": "https://source.android.com/security/bulletin/2017-04-01",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/2017-04-01"
                },
                {
                  "name": "USN-2261-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2261-1"
                },
                {
                  "name": "USN-2264-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2264-1"
                },
                {
                  "name": "68048",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/68048"
                },
                {
                  "name": "SUSE-SU-2014:1319",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
                },
                {
                  "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e6a623460e5fc960ac3ee9f946d3106233fd28d8",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e6a623460e5fc960ac3ee9f946d3106233fd28d8"
                },
                {
                  "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.6",
                  "refsource": "CONFIRM",
                  "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.6"
                },
                {
                  "name": "USN-2259-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2259-1"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/e6a623460e5fc960ac3ee9f946d3106233fd28d8",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/e6a623460e5fc960ac3ee9f946d3106233fd28d8"
                },
                {
                  "name": "http://speirofr.appspot.com/cve-2014-1739-kernel-infoleak-vulnerability-in-media_enum_entities.html",
                  "refsource": "MISC",
                  "url": "http://speirofr.appspot.com/cve-2014-1739-kernel-infoleak-vulnerability-in-media_enum_entities.html"
                },
                {
                  "name": "59597",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59597"
                },
                {
                  "name": "1038201",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038201"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2014-1739",
        "datePublished": "2014-06-23T10:00:00.000Z",
        "dateReserved": "2014-01-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:50:11.338Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3153 (GCVE-0-2014-3153)

    Vulnerability from nvd – Published: 2014-06-07 14:00 – Updated: 2025-10-22 00:05
    VLAI CISA KEVIntel
    Summary
    The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/67906 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://openwall.com/lists/oss-security/2014/06/05/24 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/59029 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-2949 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/59262 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/58990 third-party-advisoryx_refsource_SECUNIA
    https://git.kernel.org/cgit/linux/kernel/git/torv… x_refsource_CONFIRM
    https://git.kernel.org/cgit/linux/kernel/git/torv… x_refsource_CONFIRM
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    http://linux.oracle.com/errata/ELSA-2014-3037.html x_refsource_CONFIRM
    http://secunia.com/advisories/59153 third-party-advisoryx_refsource_SECUNIA
    http://openwall.com/lists/oss-security/2014/06/06/20 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/59309 third-party-advisoryx_refsource_SECUNIA
    https://github.com/torvalds/linux/commit/e9c243a5… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1030451 vdb-entryx_refsource_SECTRACK
    http://linux.oracle.com/errata/ELSA-2014-0771.html x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2014-0800.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-2237-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://linux.oracle.com/errata/ELSA-2014-3039.html x_refsource_CONFIRM
    https://git.kernel.org/cgit/linux/kernel/git/torv… x_refsource_CONFIRM
    http://secunia.com/advisories/58500 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/USN-2240-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=1103626 x_refsource_CONFIRM
    http://secunia.com/advisories/59386 third-party-advisoryx_refsource_SECUNIA
    http://www.exploit-db.com/exploits/35370 exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/59599 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2014/0… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/59092 third-party-advisoryx_refsource_SECUNIA
    http://linux.oracle.com/errata/ELSA-2014-3038.html x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2021/02/01/4 mailing-listx_refsource_MLIST
    https://www.openwall.com/lists/oss-security/2021/… x_refsource_MISC
    https://elongl.github.io/exploitation/2021/01/08/… x_refsource_MISC
    https://github.com/elongl/CVE-2014-3153 x_refsource_MISC
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    Date Public
    2014-06-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:35:56.633Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "67906",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/67906"
              },
              {
                "name": "openSUSE-SU-2014:0878",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html"
              },
              {
                "name": "[oss-security] 20140605 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2014/06/05/24"
              },
              {
                "name": "59029",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59029"
              },
              {
                "name": "DSA-2949",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2949"
              },
              {
                "name": "SUSE-SU-2014:1316",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
              },
              {
                "name": "SUSE-SU-2014:0796",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html"
              },
              {
                "name": "59262",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59262"
              },
              {
                "name": "58990",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/58990"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-3037.html"
              },
              {
                "name": "59153",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59153"
              },
              {
                "name": "[oss-security] 20140606 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2014/06/06/20"
              },
              {
                "name": "59309",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59309"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8"
              },
              {
                "name": "1030451",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1030451"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
              },
              {
                "name": "SUSE-SU-2014:0775",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html"
              },
              {
                "name": "RHSA-2014:0800",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
              },
              {
                "name": "USN-2237-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2237-1"
              },
              {
                "name": "SUSE-SU-2014:1319",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-3039.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270"
              },
              {
                "name": "58500",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/58500"
              },
              {
                "name": "USN-2240-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2240-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626"
              },
              {
                "name": "59386",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59386"
              },
              {
                "name": "35370",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/35370"
              },
              {
                "name": "59599",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59599"
              },
              {
                "name": "SUSE-SU-2014:0837",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html"
              },
              {
                "name": "[oss-security] 20140605 Linux kernel futex local privilege escalation (CVE-2014-3153)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/06/05/22"
              },
              {
                "name": "59092",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59092"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-3038.html"
              },
              {
                "name": "[oss-security] 20210201 Re: Linux Kernel: local priv escalation via futexes",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/02/01/4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2021/02/01/4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/elongl/CVE-2014-3153"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2014-3153",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-03T14:12:20.309556Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-05-25",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-3153"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-22T00:05:37.360Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-3153"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-05-25T00:00:00.000Z",
                "value": "CVE-2014-3153 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-02T06:37:16.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "name": "67906",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/67906"
            },
            {
              "name": "openSUSE-SU-2014:0878",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html"
            },
            {
              "name": "[oss-security] 20140605 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2014/06/05/24"
            },
            {
              "name": "59029",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59029"
            },
            {
              "name": "DSA-2949",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2949"
            },
            {
              "name": "SUSE-SU-2014:1316",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
            },
            {
              "name": "SUSE-SU-2014:0796",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html"
            },
            {
              "name": "59262",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59262"
            },
            {
              "name": "58990",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/58990"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-3037.html"
            },
            {
              "name": "59153",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59153"
            },
            {
              "name": "[oss-security] 20140606 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2014/06/06/20"
            },
            {
              "name": "59309",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59309"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8"
            },
            {
              "name": "1030451",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1030451"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
            },
            {
              "name": "SUSE-SU-2014:0775",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html"
            },
            {
              "name": "RHSA-2014:0800",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
            },
            {
              "name": "USN-2237-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2237-1"
            },
            {
              "name": "SUSE-SU-2014:1319",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-3039.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270"
            },
            {
              "name": "58500",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/58500"
            },
            {
              "name": "USN-2240-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2240-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626"
            },
            {
              "name": "59386",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59386"
            },
            {
              "name": "35370",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/35370"
            },
            {
              "name": "59599",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59599"
            },
            {
              "name": "SUSE-SU-2014:0837",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html"
            },
            {
              "name": "[oss-security] 20140605 Linux kernel futex local privilege escalation (CVE-2014-3153)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/06/05/22"
            },
            {
              "name": "59092",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59092"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-3038.html"
            },
            {
              "name": "[oss-security] 20210201 Re: Linux Kernel: local priv escalation via futexes",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/02/01/4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2021/02/01/4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/elongl/CVE-2014-3153"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "chrome-cve-admin@google.com",
              "ID": "CVE-2014-3153",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "67906",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/67906"
                },
                {
                  "name": "openSUSE-SU-2014:0878",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html"
                },
                {
                  "name": "[oss-security] 20140605 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2014/06/05/24"
                },
                {
                  "name": "59029",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59029"
                },
                {
                  "name": "DSA-2949",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2949"
                },
                {
                  "name": "SUSE-SU-2014:1316",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
                },
                {
                  "name": "SUSE-SU-2014:0796",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html"
                },
                {
                  "name": "59262",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59262"
                },
                {
                  "name": "58990",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/58990"
                },
                {
                  "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e",
                  "refsource": "CONFIRM",
                  "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e"
                },
                {
                  "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339",
                  "refsource": "CONFIRM",
                  "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339"
                },
                {
                  "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e9c243a5a6de0be8e584c604d353412584b592f8",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e9c243a5a6de0be8e584c604d353412584b592f8"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-3037.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-3037.html"
                },
                {
                  "name": "59153",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59153"
                },
                {
                  "name": "[oss-security] 20140606 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2014/06/06/20"
                },
                {
                  "name": "59309",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59309"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8"
                },
                {
                  "name": "1030451",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1030451"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-0771.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
                },
                {
                  "name": "SUSE-SU-2014:0775",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html"
                },
                {
                  "name": "RHSA-2014:0800",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
                },
                {
                  "name": "USN-2237-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2237-1"
                },
                {
                  "name": "SUSE-SU-2014:1319",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-3039.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-3039.html"
                },
                {
                  "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270",
                  "refsource": "CONFIRM",
                  "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270"
                },
                {
                  "name": "58500",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/58500"
                },
                {
                  "name": "USN-2240-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2240-1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626"
                },
                {
                  "name": "59386",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59386"
                },
                {
                  "name": "35370",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/35370"
                },
                {
                  "name": "59599",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59599"
                },
                {
                  "name": "SUSE-SU-2014:0837",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html"
                },
                {
                  "name": "[oss-security] 20140605 Linux kernel futex local privilege escalation (CVE-2014-3153)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/06/05/22"
                },
                {
                  "name": "59092",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59092"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-3038.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-3038.html"
                },
                {
                  "name": "[oss-security] 20210201 Re: Linux Kernel: local priv escalation via futexes",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/02/01/4"
                },
                {
                  "name": "https://www.openwall.com/lists/oss-security/2021/02/01/4",
                  "refsource": "MISC",
                  "url": "https://www.openwall.com/lists/oss-security/2021/02/01/4"
                },
                {
                  "name": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html",
                  "refsource": "MISC",
                  "url": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html"
                },
                {
                  "name": "https://github.com/elongl/CVE-2014-3153",
                  "refsource": "MISC",
                  "url": "https://github.com/elongl/CVE-2014-3153"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2014-3153",
        "datePublished": "2014-06-07T14:00:00.000Z",
        "dateReserved": "2014-05-03T00:00:00.000Z",
        "dateUpdated": "2025-10-22T00:05:37.360Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3469 (GCVE-0-2014-3469)

    Vulnerability from nvd – Published: 2014-06-05 20:00 – Updated: 2024-08-06 10:43
    VLAI
    Summary
    The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/60320 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-3056 vendor-advisoryx_refsource_DEBIAN
    http://www.novell.com/support/kb/doc.php?id=7015302 x_refsource_CONFIRM
    http://secunia.com/advisories/59057 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://linux.oracle.com/errata/ELSA-2014-0596.html x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/59021 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/61888 third-party-advisoryx_refsource_SECUNIA
    http://advisories.mageia.org/MGASA-2014-0247.html x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-0815.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=1102329 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-0596.html vendor-advisoryx_refsource_REDHAT
    http://lists.gnu.org/archive/html/help-libtasn1/2… mailing-listx_refsource_MLIST
    http://www.novell.com/support/kb/doc.php?id=7015303 x_refsource_CONFIRM
    http://linux.oracle.com/errata/ELSA-2014-0594.html x_refsource_CONFIRM
    http://secunia.com/advisories/58591 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2014-0687.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/58614 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2014-0594.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/60415 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/59408 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2014-05-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:43:06.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "60320",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60320"
              },
              {
                "name": "DSA-3056",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3056"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=7015302"
              },
              {
                "name": "59057",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59057"
              },
              {
                "name": "SUSE-SU-2014:0758",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
              },
              {
                "name": "MDVSA-2015:116",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
              },
              {
                "name": "59021",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59021"
              },
              {
                "name": "61888",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61888"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0247.html"
              },
              {
                "name": "RHSA-2014:0815",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102329"
              },
              {
                "name": "RHSA-2014:0596",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
              },
              {
                "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=7015303"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
              },
              {
                "name": "58591",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/58591"
              },
              {
                "name": "RHSA-2014:0687",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
              },
              {
                "name": "58614",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/58614"
              },
              {
                "name": "SUSE-SU-2014:0788",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
              },
              {
                "name": "RHSA-2014:0594",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
              },
              {
                "name": "60415",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60415"
              },
              {
                "name": "59408",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59408"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-28T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "60320",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60320"
            },
            {
              "name": "DSA-3056",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3056"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=7015302"
            },
            {
              "name": "59057",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59057"
            },
            {
              "name": "SUSE-SU-2014:0758",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
            },
            {
              "name": "MDVSA-2015:116",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
            },
            {
              "name": "59021",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59021"
            },
            {
              "name": "61888",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61888"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0247.html"
            },
            {
              "name": "RHSA-2014:0815",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102329"
            },
            {
              "name": "RHSA-2014:0596",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
            },
            {
              "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=7015303"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
            },
            {
              "name": "58591",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/58591"
            },
            {
              "name": "RHSA-2014:0687",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
            },
            {
              "name": "58614",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/58614"
            },
            {
              "name": "SUSE-SU-2014:0788",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
            },
            {
              "name": "RHSA-2014:0594",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
            },
            {
              "name": "60415",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60415"
            },
            {
              "name": "59408",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59408"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2014-3469",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "60320",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60320"
                },
                {
                  "name": "DSA-3056",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3056"
                },
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=7015302",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=7015302"
                },
                {
                  "name": "59057",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59057"
                },
                {
                  "name": "SUSE-SU-2014:0758",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-0596.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
                },
                {
                  "name": "MDVSA-2015:116",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
                },
                {
                  "name": "59021",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59021"
                },
                {
                  "name": "61888",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61888"
                },
                {
                  "name": "http://advisories.mageia.org/MGASA-2014-0247.html",
                  "refsource": "CONFIRM",
                  "url": "http://advisories.mageia.org/MGASA-2014-0247.html"
                },
                {
                  "name": "RHSA-2014:0815",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1102329",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102329"
                },
                {
                  "name": "RHSA-2014:0596",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
                },
                {
                  "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
                  "refsource": "MLIST",
                  "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
                },
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=7015303",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=7015303"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-0594.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
                },
                {
                  "name": "58591",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/58591"
                },
                {
                  "name": "RHSA-2014:0687",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
                },
                {
                  "name": "58614",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/58614"
                },
                {
                  "name": "SUSE-SU-2014:0788",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
                },
                {
                  "name": "RHSA-2014:0594",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
                },
                {
                  "name": "60415",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60415"
                },
                {
                  "name": "59408",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59408"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3469",
        "datePublished": "2014-06-05T20:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:43:06.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3468 (GCVE-0-2014-3468)

    Vulnerability from nvd – Published: 2014-06-05 20:00 – Updated: 2024-08-06 10:43
    VLAI
    Summary
    The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/60320 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-3056 vendor-advisoryx_refsource_DEBIAN
    http://git.savannah.gnu.org/cgit/libtasn1.git/com… x_refsource_CONFIRM
    http://www.novell.com/support/kb/doc.php?id=7015302 x_refsource_CONFIRM
    http://secunia.com/advisories/59057 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://support.f5.com/kb/en-us/solutions/public/1… x_refsource_CONFIRM
    http://linux.oracle.com/errata/ELSA-2014-0596.html x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/59021 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/61888 third-party-advisoryx_refsource_SECUNIA
    http://advisories.mageia.org/MGASA-2014-0247.html x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-0815.html vendor-advisoryx_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2014-0596.html vendor-advisoryx_refsource_REDHAT
    http://lists.gnu.org/archive/html/help-libtasn1/2… mailing-listx_refsource_MLIST
    http://www.novell.com/support/kb/doc.php?id=7015303 x_refsource_CONFIRM
    http://linux.oracle.com/errata/ELSA-2014-0594.html x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=1102323 x_refsource_CONFIRM
    http://secunia.com/advisories/58591 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2014-0687.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/58614 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2014-0594.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/60415 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/59408 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2014-05-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:43:06.299Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "60320",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60320"
              },
              {
                "name": "DSA-3056",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3056"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=7015302"
              },
              {
                "name": "59057",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59057"
              },
              {
                "name": "SUSE-SU-2014:0758",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
              },
              {
                "name": "MDVSA-2015:116",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
              },
              {
                "name": "59021",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59021"
              },
              {
                "name": "61888",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61888"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0247.html"
              },
              {
                "name": "RHSA-2014:0815",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
              },
              {
                "name": "RHSA-2014:0596",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
              },
              {
                "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=7015303"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323"
              },
              {
                "name": "58591",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/58591"
              },
              {
                "name": "RHSA-2014:0687",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
              },
              {
                "name": "58614",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/58614"
              },
              {
                "name": "SUSE-SU-2014:0788",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
              },
              {
                "name": "RHSA-2014:0594",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
              },
              {
                "name": "60415",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60415"
              },
              {
                "name": "59408",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59408"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-28T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "60320",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60320"
            },
            {
              "name": "DSA-3056",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3056"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=7015302"
            },
            {
              "name": "59057",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59057"
            },
            {
              "name": "SUSE-SU-2014:0758",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
            },
            {
              "name": "MDVSA-2015:116",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
            },
            {
              "name": "59021",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59021"
            },
            {
              "name": "61888",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61888"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0247.html"
            },
            {
              "name": "RHSA-2014:0815",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
            },
            {
              "name": "RHSA-2014:0596",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
            },
            {
              "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=7015303"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323"
            },
            {
              "name": "58591",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/58591"
            },
            {
              "name": "RHSA-2014:0687",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
            },
            {
              "name": "58614",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/58614"
            },
            {
              "name": "SUSE-SU-2014:0788",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
            },
            {
              "name": "RHSA-2014:0594",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
            },
            {
              "name": "60415",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60415"
            },
            {
              "name": "59408",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59408"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2014-3468",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "60320",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60320"
                },
                {
                  "name": "DSA-3056",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3056"
                },
                {
                  "name": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f",
                  "refsource": "CONFIRM",
                  "url": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f"
                },
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=7015302",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=7015302"
                },
                {
                  "name": "59057",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59057"
                },
                {
                  "name": "SUSE-SU-2014:0758",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
                },
                {
                  "name": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html",
                  "refsource": "CONFIRM",
                  "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-0596.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
                },
                {
                  "name": "MDVSA-2015:116",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
                },
                {
                  "name": "59021",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59021"
                },
                {
                  "name": "61888",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61888"
                },
                {
                  "name": "http://advisories.mageia.org/MGASA-2014-0247.html",
                  "refsource": "CONFIRM",
                  "url": "http://advisories.mageia.org/MGASA-2014-0247.html"
                },
                {
                  "name": "RHSA-2014:0815",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
                },
                {
                  "name": "RHSA-2014:0596",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
                },
                {
                  "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
                  "refsource": "MLIST",
                  "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
                },
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=7015303",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=7015303"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-0594.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323"
                },
                {
                  "name": "58591",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/58591"
                },
                {
                  "name": "RHSA-2014:0687",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
                },
                {
                  "name": "58614",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/58614"
                },
                {
                  "name": "SUSE-SU-2014:0788",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
                },
                {
                  "name": "RHSA-2014:0594",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
                },
                {
                  "name": "60415",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60415"
                },
                {
                  "name": "59408",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59408"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3468",
        "datePublished": "2014-06-05T20:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:43:06.299Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3467 (GCVE-0-2014-3467)

    Vulnerability from nvd – Published: 2014-06-05 20:00 – Updated: 2024-08-06 10:43
    VLAI
    Summary
    Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/60320 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-3056 vendor-advisoryx_refsource_DEBIAN
    http://www.novell.com/support/kb/doc.php?id=7015302 x_refsource_CONFIRM
    http://secunia.com/advisories/59057 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://support.f5.com/kb/en-us/solutions/public/1… x_refsource_CONFIRM
    http://linux.oracle.com/errata/ELSA-2014-0596.html x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/59021 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/61888 third-party-advisoryx_refsource_SECUNIA
    http://advisories.mageia.org/MGASA-2014-0247.html x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-0815.html vendor-advisoryx_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2014-0596.html vendor-advisoryx_refsource_REDHAT
    http://lists.gnu.org/archive/html/help-libtasn1/2… mailing-listx_refsource_MLIST
    http://www.novell.com/support/kb/doc.php?id=7015303 x_refsource_CONFIRM
    http://linux.oracle.com/errata/ELSA-2014-0594.html x_refsource_CONFIRM
    http://secunia.com/advisories/58591 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2014-0687.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/58614 third-party-advisoryx_refsource_SECUNIA
    https://bugzilla.redhat.com/show_bug.cgi?id=1102022 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2014-0594.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/60415 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/59408 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2014-05-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:43:06.499Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "60320",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60320"
              },
              {
                "name": "DSA-3056",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3056"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=7015302"
              },
              {
                "name": "59057",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59057"
              },
              {
                "name": "SUSE-SU-2014:0758",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
              },
              {
                "name": "MDVSA-2015:116",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
              },
              {
                "name": "59021",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59021"
              },
              {
                "name": "61888",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61888"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0247.html"
              },
              {
                "name": "RHSA-2014:0815",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
              },
              {
                "name": "RHSA-2014:0596",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
              },
              {
                "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=7015303"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
              },
              {
                "name": "58591",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/58591"
              },
              {
                "name": "RHSA-2014:0687",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
              },
              {
                "name": "58614",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/58614"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022"
              },
              {
                "name": "SUSE-SU-2014:0788",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
              },
              {
                "name": "RHSA-2014:0594",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
              },
              {
                "name": "60415",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60415"
              },
              {
                "name": "59408",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59408"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-28T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "60320",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60320"
            },
            {
              "name": "DSA-3056",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3056"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=7015302"
            },
            {
              "name": "59057",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59057"
            },
            {
              "name": "SUSE-SU-2014:0758",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
            },
            {
              "name": "MDVSA-2015:116",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
            },
            {
              "name": "59021",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59021"
            },
            {
              "name": "61888",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61888"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0247.html"
            },
            {
              "name": "RHSA-2014:0815",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
            },
            {
              "name": "RHSA-2014:0596",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
            },
            {
              "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=7015303"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
            },
            {
              "name": "58591",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/58591"
            },
            {
              "name": "RHSA-2014:0687",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
            },
            {
              "name": "58614",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/58614"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022"
            },
            {
              "name": "SUSE-SU-2014:0788",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
            },
            {
              "name": "RHSA-2014:0594",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
            },
            {
              "name": "60415",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60415"
            },
            {
              "name": "59408",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59408"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2014-3467",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "60320",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60320"
                },
                {
                  "name": "DSA-3056",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3056"
                },
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=7015302",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=7015302"
                },
                {
                  "name": "59057",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59057"
                },
                {
                  "name": "SUSE-SU-2014:0758",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
                },
                {
                  "name": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html",
                  "refsource": "CONFIRM",
                  "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-0596.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
                },
                {
                  "name": "MDVSA-2015:116",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
                },
                {
                  "name": "59021",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59021"
                },
                {
                  "name": "61888",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61888"
                },
                {
                  "name": "http://advisories.mageia.org/MGASA-2014-0247.html",
                  "refsource": "CONFIRM",
                  "url": "http://advisories.mageia.org/MGASA-2014-0247.html"
                },
                {
                  "name": "RHSA-2014:0815",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
                },
                {
                  "name": "RHSA-2014:0596",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
                },
                {
                  "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
                  "refsource": "MLIST",
                  "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
                },
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=7015303",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=7015303"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-0594.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
                },
                {
                  "name": "58591",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/58591"
                },
                {
                  "name": "RHSA-2014:0687",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
                },
                {
                  "name": "58614",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/58614"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022"
                },
                {
                  "name": "SUSE-SU-2014:0788",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
                },
                {
                  "name": "RHSA-2014:0594",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
                },
                {
                  "name": "60415",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60415"
                },
                {
                  "name": "59408",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59408"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3467",
        "datePublished": "2014-06-05T20:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:43:06.499Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-1738 (GCVE-0-2014-1738)

    Vulnerability from nvd – Published: 2014-05-11 21:00 – Updated: 2024-08-06 09:50
    VLAI
    Summary
    The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/67302 vdb-entryx_refsource_BID
    http://secunia.com/advisories/59262 third-party-advisoryx_refsource_SECUNIA
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    http://secunia.com/advisories/59309 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/59406 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-2928 vendor-advisoryx_refsource_DEBIAN
    https://bugzilla.redhat.com/show_bug.cgi?id=1094299 x_refsource_CONFIRM
    http://linux.oracle.com/errata/ELSA-2014-0771.html x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-0800.html vendor-advisoryx_refsource_REDHAT
    http://www.openwall.com/lists/oss-security/2014/05/09/2 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/59599 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-2926 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://github.com/torvalds/linux/commit/2145e15e… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1030474 vdb-entryx_refsource_SECTRACK
    http://linux.oracle.com/errata/ELSA-2014-3043.html x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-0801.html vendor-advisoryx_refsource_REDHAT
    Date Public
    2014-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:50:11.164Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2014:0683",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"
              },
              {
                "name": "67302",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/67302"
              },
              {
                "name": "59262",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59262"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2145e15e0557a01b9195d1c7199a1b92cb9be81f"
              },
              {
                "name": "59309",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59309"
              },
              {
                "name": "59406",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59406"
              },
              {
                "name": "DSA-2928",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2928"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
              },
              {
                "name": "RHSA-2014:0800",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
              },
              {
                "name": "[oss-security] 20140509 Linux kernel floppy ioctl kernel code execution",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2"
              },
              {
                "name": "59599",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59599"
              },
              {
                "name": "DSA-2926",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2926"
              },
              {
                "name": "SUSE-SU-2014:0667",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f"
              },
              {
                "name": "1030474",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1030474"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"
              },
              {
                "name": "RHSA-2014:0801",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-20T19:57:01.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "name": "SUSE-SU-2014:0683",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"
            },
            {
              "name": "67302",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/67302"
            },
            {
              "name": "59262",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59262"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2145e15e0557a01b9195d1c7199a1b92cb9be81f"
            },
            {
              "name": "59309",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59309"
            },
            {
              "name": "59406",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59406"
            },
            {
              "name": "DSA-2928",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2928"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
            },
            {
              "name": "RHSA-2014:0800",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
            },
            {
              "name": "[oss-security] 20140509 Linux kernel floppy ioctl kernel code execution",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2"
            },
            {
              "name": "59599",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59599"
            },
            {
              "name": "DSA-2926",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2926"
            },
            {
              "name": "SUSE-SU-2014:0667",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f"
            },
            {
              "name": "1030474",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1030474"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"
            },
            {
              "name": "RHSA-2014:0801",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2014-1738",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2014:0683",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"
                },
                {
                  "name": "67302",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/67302"
                },
                {
                  "name": "59262",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59262"
                },
                {
                  "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2145e15e0557a01b9195d1c7199a1b92cb9be81f",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2145e15e0557a01b9195d1c7199a1b92cb9be81f"
                },
                {
                  "name": "59309",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59309"
                },
                {
                  "name": "59406",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59406"
                },
                {
                  "name": "DSA-2928",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2928"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-0771.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
                },
                {
                  "name": "RHSA-2014:0800",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
                },
                {
                  "name": "[oss-security] 20140509 Linux kernel floppy ioctl kernel code execution",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2"
                },
                {
                  "name": "59599",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59599"
                },
                {
                  "name": "DSA-2926",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2926"
                },
                {
                  "name": "SUSE-SU-2014:0667",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f"
                },
                {
                  "name": "1030474",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1030474"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-3043.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"
                },
                {
                  "name": "RHSA-2014:0801",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2014-1738",
        "datePublished": "2014-05-11T21:00:00.000Z",
        "dateReserved": "2014-01-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:50:11.164Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-1737 (GCVE-0-2014-1737)

    Vulnerability from nvd – Published: 2014-05-11 21:00 – Updated: 2024-08-06 09:50
    VLAI
    Summary
    The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/67300 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/59262 third-party-advisoryx_refsource_SECUNIA
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    http://secunia.com/advisories/59309 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/59406 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-2928 vendor-advisoryx_refsource_DEBIAN
    https://bugzilla.redhat.com/show_bug.cgi?id=1094299 x_refsource_CONFIRM
    http://linux.oracle.com/errata/ELSA-2014-0771.html x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-0800.html vendor-advisoryx_refsource_REDHAT
    http://www.openwall.com/lists/oss-security/2014/05/09/2 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/59599 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-2926 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securitytracker.com/id/1030474 vdb-entryx_refsource_SECTRACK
    http://linux.oracle.com/errata/ELSA-2014-3043.html x_refsource_CONFIRM
    https://github.com/torvalds/linux/commit/ef87dbe7… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-0801.html vendor-advisoryx_refsource_REDHAT
    Date Public
    2014-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:50:11.078Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "67300",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/67300"
              },
              {
                "name": "SUSE-SU-2014:0683",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"
              },
              {
                "name": "59262",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59262"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"
              },
              {
                "name": "59309",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59309"
              },
              {
                "name": "59406",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59406"
              },
              {
                "name": "DSA-2928",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2928"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
              },
              {
                "name": "RHSA-2014:0800",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
              },
              {
                "name": "[oss-security] 20140509 Linux kernel floppy ioctl kernel code execution",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2"
              },
              {
                "name": "59599",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59599"
              },
              {
                "name": "DSA-2926",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2926"
              },
              {
                "name": "SUSE-SU-2014:0667",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"
              },
              {
                "name": "1030474",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1030474"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"
              },
              {
                "name": "RHSA-2014:0801",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-20T19:57:01.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "name": "67300",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/67300"
            },
            {
              "name": "SUSE-SU-2014:0683",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"
            },
            {
              "name": "59262",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59262"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"
            },
            {
              "name": "59309",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59309"
            },
            {
              "name": "59406",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59406"
            },
            {
              "name": "DSA-2928",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2928"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
            },
            {
              "name": "RHSA-2014:0800",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
            },
            {
              "name": "[oss-security] 20140509 Linux kernel floppy ioctl kernel code execution",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2"
            },
            {
              "name": "59599",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59599"
            },
            {
              "name": "DSA-2926",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2926"
            },
            {
              "name": "SUSE-SU-2014:0667",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"
            },
            {
              "name": "1030474",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1030474"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"
            },
            {
              "name": "RHSA-2014:0801",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2014-1737",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "67300",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/67300"
                },
                {
                  "name": "SUSE-SU-2014:0683",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"
                },
                {
                  "name": "59262",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59262"
                },
                {
                  "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"
                },
                {
                  "name": "59309",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59309"
                },
                {
                  "name": "59406",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59406"
                },
                {
                  "name": "DSA-2928",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2928"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-0771.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
                },
                {
                  "name": "RHSA-2014:0800",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
                },
                {
                  "name": "[oss-security] 20140509 Linux kernel floppy ioctl kernel code execution",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2"
                },
                {
                  "name": "59599",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59599"
                },
                {
                  "name": "DSA-2926",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2926"
                },
                {
                  "name": "SUSE-SU-2014:0667",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"
                },
                {
                  "name": "1030474",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1030474"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-3043.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"
                },
                {
                  "name": "RHSA-2014:0801",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2014-1737",
        "datePublished": "2014-05-11T21:00:00.000Z",
        "dateReserved": "2014-01-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:50:11.078Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-2706 (GCVE-0-2014-2706)

    Vulnerability from nvd – Published: 2014-04-14 23:00 – Updated: 2024-08-06 10:21
    VLAI
    Summary
    Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-02-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:21:36.015Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2014:1316",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/2017-04-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-3052.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1083512"
              },
              {
                "name": "60613",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60613"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.kernel.org/show_bug.cgi?id=70551#c18"
              },
              {
                "name": "SUSE-SU-2014:1319",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1d147bfa64293b2723c4fec50922168658e613ba"
              },
              {
                "name": "[oss-security] 20140401 Re: CVE request: Linux Kernel, two security issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/04/01/8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/1d147bfa64293b2723c4fec50922168658e613ba"
              },
              {
                "name": "66591",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/66591"
              },
              {
                "name": "1038201",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038201"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-02-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2014:1316",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/2017-04-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-3052.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1083512"
            },
            {
              "name": "60613",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60613"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.kernel.org/show_bug.cgi?id=70551#c18"
            },
            {
              "name": "SUSE-SU-2014:1319",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1d147bfa64293b2723c4fec50922168658e613ba"
            },
            {
              "name": "[oss-security] 20140401 Re: CVE request: Linux Kernel, two security issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/04/01/8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/1d147bfa64293b2723c4fec50922168658e613ba"
            },
            {
              "name": "66591",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/66591"
            },
            {
              "name": "1038201",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038201"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-2706",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2014:1316",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
                },
                {
                  "name": "https://source.android.com/security/bulletin/2017-04-01",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/2017-04-01"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-3052.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-3052.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1083512",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1083512"
                },
                {
                  "name": "60613",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60613"
                },
                {
                  "name": "https://bugzilla.kernel.org/show_bug.cgi?id=70551#c18",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.kernel.org/show_bug.cgi?id=70551#c18"
                },
                {
                  "name": "SUSE-SU-2014:1319",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
                },
                {
                  "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1d147bfa64293b2723c4fec50922168658e613ba",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1d147bfa64293b2723c4fec50922168658e613ba"
                },
                {
                  "name": "[oss-security] 20140401 Re: CVE request: Linux Kernel, two security issues",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/04/01/8"
                },
                {
                  "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7",
                  "refsource": "CONFIRM",
                  "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/1d147bfa64293b2723c4fec50922168658e613ba",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/1d147bfa64293b2723c4fec50922168658e613ba"
                },
                {
                  "name": "66591",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/66591"
                },
                {
                  "name": "1038201",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038201"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-2706",
        "datePublished": "2014-04-14T23:00:00.000Z",
        "dateReserved": "2014-04-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:21:36.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-2324 (GCVE-0-2014-2324)

    Vulnerability from nvd – Published: 2014-03-14 15:00 – Updated: 2024-08-06 10:06
    VLAI
    Summary
    Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.lighttpd.net/2014/3/12/1.4.35/ x_refsource_CONFIRM
    http://www.securityfocus.com/bid/66157 vdb-entryx_refsource_BID
    http://download.lighttpd.net/lighttpd/security/li… x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-2877 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/57514 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=141576815022399&w=2 vendor-advisoryx_refsource_HP
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/57404 third-party-advisoryx_refsource_SECUNIA
    http://seclists.org/oss-sec/2014/q1/564 mailing-listx_refsource_MLIST
    http://seclists.org/oss-sec/2014/q1/561 mailing-listx_refsource_MLIST
    http://jvn.jp/en/jp/JVN37417423/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2014-03-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:06:00.322Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.lighttpd.net/2014/3/12/1.4.35/"
              },
              {
                "name": "66157",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/66157"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt"
              },
              {
                "name": "DSA-2877",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2877"
              },
              {
                "name": "openSUSE-SU-2014:0449",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html"
              },
              {
                "name": "57514",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/57514"
              },
              {
                "name": "HPSBGN03191",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
              },
              {
                "name": "openSUSE-SU-2014:0496",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html"
              },
              {
                "name": "SUSE-SU-2014:0474",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html"
              },
              {
                "name": "57404",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/57404"
              },
              {
                "name": "[oss-security] 20140312 Re: lighttpd 1.4.34 SQL injection and path traversal CVE request",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q1/564"
              },
              {
                "name": "[oss-security] 20140312 lighttpd 1.4.34 SQL injection and path traversal CVE request",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q1/561"
              },
              {
                "name": "JVN#37417423",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN37417423/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-03-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-19T04:06:10.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.lighttpd.net/2014/3/12/1.4.35/"
            },
            {
              "name": "66157",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/66157"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt"
            },
            {
              "name": "DSA-2877",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2877"
            },
            {
              "name": "openSUSE-SU-2014:0449",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html"
            },
            {
              "name": "57514",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/57514"
            },
            {
              "name": "HPSBGN03191",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2014:0496",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html"
            },
            {
              "name": "SUSE-SU-2014:0474",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html"
            },
            {
              "name": "57404",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/57404"
            },
            {
              "name": "[oss-security] 20140312 Re: lighttpd 1.4.34 SQL injection and path traversal CVE request",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q1/564"
            },
            {
              "name": "[oss-security] 20140312 lighttpd 1.4.34 SQL injection and path traversal CVE request",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q1/561"
            },
            {
              "name": "JVN#37417423",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN37417423/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-2324",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.lighttpd.net/2014/3/12/1.4.35/",
                  "refsource": "CONFIRM",
                  "url": "http://www.lighttpd.net/2014/3/12/1.4.35/"
                },
                {
                  "name": "66157",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/66157"
                },
                {
                  "name": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt",
                  "refsource": "CONFIRM",
                  "url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt"
                },
                {
                  "name": "DSA-2877",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2877"
                },
                {
                  "name": "openSUSE-SU-2014:0449",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html"
                },
                {
                  "name": "57514",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/57514"
                },
                {
                  "name": "HPSBGN03191",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
                },
                {
                  "name": "openSUSE-SU-2014:0496",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html"
                },
                {
                  "name": "SUSE-SU-2014:0474",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html"
                },
                {
                  "name": "57404",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/57404"
                },
                {
                  "name": "[oss-security] 20140312 Re: lighttpd 1.4.34 SQL injection and path traversal CVE request",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q1/564"
                },
                {
                  "name": "[oss-security] 20140312 lighttpd 1.4.34 SQL injection and path traversal CVE request",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q1/561"
                },
                {
                  "name": "JVN#37417423",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN37417423/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-2324",
        "datePublished": "2014-03-14T15:00:00.000Z",
        "dateReserved": "2014-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:06:00.322Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-2323 (GCVE-0-2014-2323)

    Vulnerability from nvd – Published: 2014-03-14 15:00 – Updated: 2024-08-06 10:06
    VLAI
    Summary
    SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.lighttpd.net/2014/3/12/1.4.35/ x_refsource_CONFIRM
    http://download.lighttpd.net/lighttpd/security/li… x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-2877 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/57514 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=141576815022399&w=2 vendor-advisoryx_refsource_HP
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/57404 third-party-advisoryx_refsource_SECUNIA
    http://seclists.org/oss-sec/2014/q1/564 mailing-listx_refsource_MLIST
    http://seclists.org/oss-sec/2014/q1/561 mailing-listx_refsource_MLIST
    http://jvn.jp/en/jp/JVN37417423/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2014-03-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:06:00.483Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.lighttpd.net/2014/3/12/1.4.35/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt"
              },
              {
                "name": "DSA-2877",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2877"
              },
              {
                "name": "openSUSE-SU-2014:0449",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html"
              },
              {
                "name": "57514",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/57514"
              },
              {
                "name": "HPSBGN03191",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
              },
              {
                "name": "openSUSE-SU-2014:0496",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html"
              },
              {
                "name": "SUSE-SU-2014:0474",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html"
              },
              {
                "name": "57404",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/57404"
              },
              {
                "name": "[oss-security] 20140312 Re: lighttpd 1.4.34 SQL injection and path traversal CVE request",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q1/564"
              },
              {
                "name": "[oss-security] 20140312 lighttpd 1.4.34 SQL injection and path traversal CVE request",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q1/561"
              },
              {
                "name": "JVN#37417423",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN37417423/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-03-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-19T04:06:07.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.lighttpd.net/2014/3/12/1.4.35/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt"
            },
            {
              "name": "DSA-2877",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2877"
            },
            {
              "name": "openSUSE-SU-2014:0449",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html"
            },
            {
              "name": "57514",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/57514"
            },
            {
              "name": "HPSBGN03191",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2014:0496",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html"
            },
            {
              "name": "SUSE-SU-2014:0474",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html"
            },
            {
              "name": "57404",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/57404"
            },
            {
              "name": "[oss-security] 20140312 Re: lighttpd 1.4.34 SQL injection and path traversal CVE request",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q1/564"
            },
            {
              "name": "[oss-security] 20140312 lighttpd 1.4.34 SQL injection and path traversal CVE request",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q1/561"
            },
            {
              "name": "JVN#37417423",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN37417423/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-2323",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.lighttpd.net/2014/3/12/1.4.35/",
                  "refsource": "CONFIRM",
                  "url": "http://www.lighttpd.net/2014/3/12/1.4.35/"
                },
                {
                  "name": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt",
                  "refsource": "CONFIRM",
                  "url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt"
                },
                {
                  "name": "DSA-2877",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2877"
                },
                {
                  "name": "openSUSE-SU-2014:0449",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html"
                },
                {
                  "name": "57514",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/57514"
                },
                {
                  "name": "HPSBGN03191",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
                },
                {
                  "name": "openSUSE-SU-2014:0496",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html"
                },
                {
                  "name": "SUSE-SU-2014:0474",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html"
                },
                {
                  "name": "57404",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/57404"
                },
                {
                  "name": "[oss-security] 20140312 Re: lighttpd 1.4.34 SQL injection and path traversal CVE request",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q1/564"
                },
                {
                  "name": "[oss-security] 20140312 lighttpd 1.4.34 SQL injection and path traversal CVE request",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q1/561"
                },
                {
                  "name": "JVN#37417423",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN37417423/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-2323",
        "datePublished": "2014-03-14T15:00:00.000Z",
        "dateReserved": "2014-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:06:00.483Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3301 (GCVE-0-2013-3301)

    Vulnerability from nvd – Published: 2013-04-29 10:00 – Updated: 2024-08-06 16:07
    VLAI
    Summary
    The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-04-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:07:37.739Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.8"
              },
              {
                "name": "USN-1834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1834-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/6a76f8c0ab19f215af2a3442870eeb5f0e81998d"
              },
              {
                "name": "RHSA-2013:1051",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-1051.html"
              },
              {
                "name": "SUSE-SU-2013:1473",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"
              },
              {
                "name": "[oss-security] 20130415 CVE request - Linux kernel: tracing NULL pointer dereference",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/04/15/1"
              },
              {
                "name": "USN-1835-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1835-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6a76f8c0ab19f215af2a3442870eeb5f0e81998d"
              },
              {
                "name": "USN-1838-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1838-1"
              },
              {
                "name": "openSUSE-SU-2013:1971",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
              },
              {
                "name": "USN-1836-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1836-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952197"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-02-05T15:57:02.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.8"
            },
            {
              "name": "USN-1834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1834-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/6a76f8c0ab19f215af2a3442870eeb5f0e81998d"
            },
            {
              "name": "RHSA-2013:1051",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1051.html"
            },
            {
              "name": "SUSE-SU-2013:1473",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"
            },
            {
              "name": "[oss-security] 20130415 CVE request - Linux kernel: tracing NULL pointer dereference",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/04/15/1"
            },
            {
              "name": "USN-1835-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1835-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6a76f8c0ab19f215af2a3442870eeb5f0e81998d"
            },
            {
              "name": "USN-1838-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1838-1"
            },
            {
              "name": "openSUSE-SU-2013:1971",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
            },
            {
              "name": "USN-1836-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1836-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952197"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-3301",
        "datePublished": "2013-04-29T10:00:00.000Z",
        "dateReserved": "2013-04-28T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:07:37.739Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-31431 (GCVE-0-2026-31431)

    Vulnerability from cvelistv5 – Published: 2026-04-22 08:15 – Updated: 2026-07-01 12:05
    VLAI CISA CIRCL KEVIntel
    Title
    crypto: algif_aead - Revert to operating out-of-place
    Summary
    In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-669 - Incorrect Resource Transfer Between Spheres
    • CWE-1288 - Improper Validation of Consistency within Input
    Assigner
    References
    URL Tags
    https://git.kernel.org/stable/c/893d22e0135fa394d…
    https://git.kernel.org/stable/c/19d43105a97be0810…
    https://git.kernel.org/stable/c/961cfa271a918ad4a…
    https://git.kernel.org/stable/c/3115af9644c342b35…
    https://git.kernel.org/stable/c/8b88d99341f139e23…
    https://git.kernel.org/stable/c/fafe0fa2995a0f707…
    https://git.kernel.org/stable/c/ce42ee423e58dffa5…
    https://git.kernel.org/stable/c/a664bf3d603dc3bdc…
    https://github.com/theori-io/copy-fail-CVE-2026-31431 exploit
    https://xint.io/blog/copy-fail-linux-distribution… mitigation
    https://lore.kernel.org/linux-cve-announce/202604… mitigation
    https://access.redhat.com/security/cve/cve-2026-3… mitigation
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    http://www.openwall.com/lists/oss-security/2026/0…
    https://copy.fail
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/04/30/2
    http://www.openwall.com/lists/oss-security/2026/04/30/5
    http://www.openwall.com/lists/oss-security/2026/04/30/6
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    https://websec.net/blog/cve-2026-31431-linux-algi…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/01/2
    http://www.openwall.com/lists/oss-security/2026/05/01/3
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/02/4
    http://www.openwall.com/lists/oss-security/2026/05/02/5
    http://www.openwall.com/lists/oss-security/2026/05/02/6
    http://www.openwall.com/lists/oss-security/2026/05/02/7
    http://www.openwall.com/lists/oss-security/2026/05/02/8
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/03/3
    http://www.openwall.com/lists/oss-security/2026/05/03/4
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/03/5
    http://www.openwall.com/lists/oss-security/2026/05/03/6
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/04/1
    http://www.openwall.com/lists/oss-security/2026/05/04/2
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/04/8
    http://www.openwall.com/lists/oss-security/2026/05/04/9
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/06/5
    http://www.openwall.com/lists/oss-security/2026/05/07/2
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    https://www.kb.cert.org/vuls/id/260001
    http://www.openwall.com/lists/oss-security/2026/05/18/3
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://access.redhat.com/security/cve/CVE-2026-31431 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2460538 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:14926 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33486 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14097 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14112 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15087 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14773 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13729 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13885 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13727 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13690 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13862 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13811 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13887 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13566 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19074 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13936 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13734 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13932 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14339 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13565 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19225 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13577 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15976 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14165 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14230 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16111 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13681 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16210 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16209 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16208 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16063 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16018 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15978 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13578 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14137 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14301 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 893d22e0135fa394db81df88697fba6032747667 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 19d43105a97be0810edbda875f2cd03f30dc130c (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 961cfa271a918ad4ae452420e7c303149002875b (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 3115af9644c342b356f3f07a4dd1c8905cd9a6fc (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 8b88d99341f139e23bdeb1027a2a3ae10d341d82 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < ce42ee423e58dffa5ec03524054c9d8bfd4f6237 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 (git)
    Create a notification for this product.
    Linux Linux Affected: 4.14
    Unaffected: 0 , < 4.14 (semver)
    Unaffected: 5.10.254 , ≤ 5.10.* (semver)
    Unaffected: 5.15.204 , ≤ 5.15.* (semver)
    Unaffected: 6.1.170 , ≤ 6.1.* (semver)
    Unaffected: 6.6.137 , ≤ 6.6.* (semver)
    Unaffected: 6.12.85 , ≤ 6.12.* (semver)
    Unaffected: 6.18.22 , ≤ 6.18.* (semver)
    Unaffected: 6.19.12 , ≤ 6.19.* (semver)
    Unaffected: 7.0 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Red Hat NVIDIA for RHEL 10     cpe:/a:redhat:enterprise_linux_nvidia:10::el10
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12     cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13     cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14     cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15     cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16     cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17     cpe:/a:redhat:openshift:4.17::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18     cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.19     cpe:/a:redhat:openshift:4.19::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.20     cpe:/a:redhat:openshift:4.20::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.21     cpe:/a:redhat:openshift:4.21::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 8)     cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.4)     cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)     cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.6)     cpe:/o:redhat:rhel_aus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.6)     cpe:/o:redhat:rhel_e4s:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.6)     cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.8)     cpe:/o:redhat:rhel_e4s:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.8)     cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.0)     cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.2)     cpe:/o:redhat:rhel_e4s:9.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.4)     cpe:/o:redhat:rhel_eus:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.6)     cpe:/o:redhat:rhel_eus:9.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 9)     cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux NFV (v. 8)     cpe:/a:redhat:enterprise_linux:8::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux NFV E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV (v. 9)     cpe:/a:redhat:enterprise_linux:9::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux RT (v. 8)     cpe:/a:redhat:enterprise_linux:8::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time (v. 9)     cpe:/a:redhat:enterprise_linux:9::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-31431",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-29T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-05-01",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-669",
                    "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-02T03:55:23.146Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/theori-io/copy-fail-CVE-2026-31431"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://xint.io/blog/copy-fail-linux-distributions#the-fix-6"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2026-31431#cve-details-mitigation"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-01T00:00:00.000Z",
                "value": "CVE-2026-31431 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-18T17:44:54.264Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/23"
              },
              {
                "url": "https://copy.fail"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/25"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/26"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/11"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/18"
              },
              {
                "url": "https://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/20"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/18"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/22"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/23"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/7"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/8"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/18"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/19"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/20"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/21"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/23"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/25"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/13"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/1"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/11"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/13"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/8"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/9"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/27"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/28"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/29"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/31"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/06/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/07/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/07/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/08/13"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/260001"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/18/3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T12:09:03.910Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              }
            ],
            "x_adpType": "supplier"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_nvidia:10::el10"
                ],
                "defaultStatus": "affected",
                "product": "NVIDIA for RHEL 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.12::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.14::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.15::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.18",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.20",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.21::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.21",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.0::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.2::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux NFV (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux NFV E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux RT (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-22T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the Linux kernel\u0027s algif_aead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive system files and escalate to root privileges."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1288",
                    "description": "Improper Validation of Consistency within Input",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T12:05:08.344Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-31431"
              },
              {
                "name": "RHBZ#2460538",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460538"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31431.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14926"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33486"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14097"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14112"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15087"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14773"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13729"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13885"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13727"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13690"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13862"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13811"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13887"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13566"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19074"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13936"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13734"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13932"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14339"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13565"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19225"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13577"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15976"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14165"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14230"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16111"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13681"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16210"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16209"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16208"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16063"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16018"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15978"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13578"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14137"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14301"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:14926: NVIDIA for RHEL 10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33486: NVIDIA for RHEL 10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14097: Red Hat OpenShift Container Platform 4.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14112: Red Hat OpenShift Container Platform 4.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15087: Red Hat OpenShift Container Platform 4.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14773: Red Hat OpenShift Container Platform 4.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13729: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13885: Red Hat OpenShift Container Platform 4.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13727: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13690: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13862: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13811: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13887: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0), Red Hat Enterprise Linux Real Time EUS (v. 10.0), Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13566: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19074: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13936: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13734: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13932: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4), Red Hat Enterprise Linux Real Time EUS (v.9.4), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14339: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6), Red Hat Enterprise Linux Real Time EUS (v.9.6), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13565: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19225: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13577: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15976: Red Hat Enterprise Linux BaseOS (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14165: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14230: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16111: Red Hat Enterprise Linux BaseOS E4S (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13681: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16210: Red Hat Enterprise Linux BaseOS E4S (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16209: Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16208: Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16063: Red Hat Enterprise Linux BaseOS EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16018: Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15978: Red Hat Enterprise Linux BaseOS (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13578: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14137: Red Hat Enterprise Linux NFV E4S (v.9.0), Red Hat Enterprise Linux Real Time E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14301: Red Hat Enterprise Linux Real Time E4S (v.9.2), Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-22T00:00:00.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-22T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "kernel: crypto: algif_aead - Revert to operating out-of-place",
            "workarounds": [
              {
                "lang": "en",
                "value": "See the security bulletin for a detailed mitigation procedure."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "crypto/af_alg.c",
                "crypto/algif_aead.c",
                "crypto/algif_skcipher.c",
                "include/crypto/if_alg.h"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "893d22e0135fa394db81df88697fba6032747667",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "19d43105a97be0810edbda875f2cd03f30dc130c",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "961cfa271a918ad4ae452420e7c303149002875b",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "3115af9644c342b356f3f07a4dd1c8905cd9a6fc",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "8b88d99341f139e23bdeb1027a2a3ae10d341d82",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "ce42ee423e58dffa5ec03524054c9d8bfd4f6237",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "crypto/af_alg.c",
                "crypto/algif_aead.c",
                "crypto/algif_skcipher.c",
                "include/crypto/if_alg.h"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.14"
                },
                {
                  "lessThan": "4.14",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.254",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.204",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.170",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.137",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.85",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.22",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.19.*",
                  "status": "unaffected",
                  "version": "6.19.12",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.0",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.254",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.204",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.170",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.137",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.85",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.22",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.19.12",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T22:08:34.612Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667"
            },
            {
              "url": "https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c"
            },
            {
              "url": "https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b"
            },
            {
              "url": "https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc"
            },
            {
              "url": "https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82"
            },
            {
              "url": "https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8"
            },
            {
              "url": "https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237"
            },
            {
              "url": "https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5"
            }
          ],
          "title": "crypto: algif_aead - Revert to operating out-of-place",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-31431",
        "datePublished": "2026-04-22T08:15:10.123Z",
        "dateReserved": "2026-03-09T15:48:24.089Z",
        "dateUpdated": "2026-07-01T12:05:08.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2017-18017 (GCVE-0-2017-18017)

    Vulnerability from cvelistv5 – Published: 2018-01-03 06:00 – Updated: 2025-01-03 12:04
    VLAI
    Summary
    The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4187 vendor-advisoryx_refsource_DEBIAN
    https://usn.ubuntu.com/3583-2/ vendor-advisoryx_refsource_UBUNTU
    http://patchwork.ozlabs.org/patch/746618/ x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:1737 vendor-advisoryx_refsource_REDHAT
    https://www.kernel.org/pub/linux/kernel/v4.x/Chan… x_refsource_MISC
    https://lkml.org/lkml/2017/4/2/13 x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:1062 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1319 vendor-advisoryx_refsource_REDHAT
    https://help.ecostruxureit.com/display/public/UAD… x_refsource_CONFIRM
    https://usn.ubuntu.com/3583-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:0676 vendor-advisoryx_refsource_REDHAT
    https://bugs.launchpad.net/ubuntu/+source/linux/+… x_refsource_MISC
    https://github.com/torvalds/linux/commit/2638fd0f… x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:1170 vendor-advisoryx_refsource_REDHAT
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:1130 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/102367 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3583-1 vendor-advisoryx_refsource_UBUNTU
    https://support.f5.com/csp/article/K18352029 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3583-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.arista.com/en/support/advisories-noti… x_refsource_MISC
    https://security.netapp.com/advisory/ntap-2025010…
    Date Public
    2018-01-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-01-03T12:04:18.715Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4187",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4187"
              },
              {
                "name": "USN-3583-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3583-2/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://patchwork.ozlabs.org/patch/746618/"
              },
              {
                "name": "RHSA-2018:1737",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1737"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lkml.org/lkml/2017/4/2/13"
              },
              {
                "name": "RHSA-2018:1062",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1062"
              },
              {
                "name": "RHSA-2018:1319",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1319"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
              },
              {
                "name": "USN-3583-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3583-1/"
              },
              {
                "name": "RHSA-2018:0676",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0676"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901"
              },
              {
                "name": "RHSA-2018:1170",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1170"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901"
              },
              {
                "name": "RHSA-2018:1130",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1130"
              },
              {
                "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
              },
              {
                "name": "102367",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102367"
              },
              {
                "name": "SUSE-SU-2018:0834",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
              },
              {
                "name": "SUSE-SU-2018:0848",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html"
              },
              {
                "name": "SUSE-SU-2018:0383",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html"
              },
              {
                "name": "USN-3583-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3583-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K18352029"
              },
              {
                "name": "SUSE-SU-2018:0555",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html"
              },
              {
                "name": "openSUSE-SU-2018:0408",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html"
              },
              {
                "name": "SUSE-SU-2018:0986",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html"
              },
              {
                "name": "SUSE-SU-2018:0416",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html"
              },
              {
                "name": "SUSE-SU-2018:0482",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html"
              },
              {
                "name": "SUSE-SU-2018:0841",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html"
              },
              {
                "name": "USN-3583-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3583-2"
              },
              {
                "name": "SUSE-SU-2018:0660",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20250103-0010/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-01-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-08T11:33:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "DSA-4187",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4187"
            },
            {
              "name": "USN-3583-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3583-2/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://patchwork.ozlabs.org/patch/746618/"
            },
            {
              "name": "RHSA-2018:1737",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1737"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lkml.org/lkml/2017/4/2/13"
            },
            {
              "name": "RHSA-2018:1062",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1062"
            },
            {
              "name": "RHSA-2018:1319",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1319"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "USN-3583-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3583-1/"
            },
            {
              "name": "RHSA-2018:0676",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0676"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901"
            },
            {
              "name": "RHSA-2018:1170",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1170"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901"
            },
            {
              "name": "RHSA-2018:1130",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1130"
            },
            {
              "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
            },
            {
              "name": "102367",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102367"
            },
            {
              "name": "SUSE-SU-2018:0834",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
            },
            {
              "name": "SUSE-SU-2018:0848",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html"
            },
            {
              "name": "SUSE-SU-2018:0383",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html"
            },
            {
              "name": "USN-3583-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3583-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K18352029"
            },
            {
              "name": "SUSE-SU-2018:0555",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html"
            },
            {
              "name": "openSUSE-SU-2018:0408",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html"
            },
            {
              "name": "SUSE-SU-2018:0986",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html"
            },
            {
              "name": "SUSE-SU-2018:0416",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html"
            },
            {
              "name": "SUSE-SU-2018:0482",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html"
            },
            {
              "name": "SUSE-SU-2018:0841",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html"
            },
            {
              "name": "USN-3583-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3583-2"
            },
            {
              "name": "SUSE-SU-2018:0660",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-18017",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4187",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4187"
                },
                {
                  "name": "USN-3583-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3583-2/"
                },
                {
                  "name": "http://patchwork.ozlabs.org/patch/746618/",
                  "refsource": "MISC",
                  "url": "http://patchwork.ozlabs.org/patch/746618/"
                },
                {
                  "name": "RHSA-2018:1737",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1737"
                },
                {
                  "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36",
                  "refsource": "MISC",
                  "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36"
                },
                {
                  "name": "https://lkml.org/lkml/2017/4/2/13",
                  "refsource": "MISC",
                  "url": "https://lkml.org/lkml/2017/4/2/13"
                },
                {
                  "name": "RHSA-2018:1062",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1062"
                },
                {
                  "name": "RHSA-2018:1319",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1319"
                },
                {
                  "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
                  "refsource": "CONFIRM",
                  "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
                },
                {
                  "name": "USN-3583-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3583-1/"
                },
                {
                  "name": "RHSA-2018:0676",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0676"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765",
                  "refsource": "MISC",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901",
                  "refsource": "MISC",
                  "url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901"
                },
                {
                  "name": "RHSA-2018:1170",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1170"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901",
                  "refsource": "MISC",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901"
                },
                {
                  "name": "RHSA-2018:1130",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1130"
                },
                {
                  "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
                },
                {
                  "name": "102367",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102367"
                },
                {
                  "name": "SUSE-SU-2018:0834",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
                },
                {
                  "name": "SUSE-SU-2018:0848",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html"
                },
                {
                  "name": "SUSE-SU-2018:0383",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html"
                },
                {
                  "name": "USN-3583-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3583-1"
                },
                {
                  "name": "https://support.f5.com/csp/article/K18352029",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K18352029"
                },
                {
                  "name": "SUSE-SU-2018:0555",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html"
                },
                {
                  "name": "openSUSE-SU-2018:0408",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html"
                },
                {
                  "name": "SUSE-SU-2018:0986",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html"
                },
                {
                  "name": "SUSE-SU-2018:0416",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html"
                },
                {
                  "name": "SUSE-SU-2018:0482",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html"
                },
                {
                  "name": "SUSE-SU-2018:0841",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html"
                },
                {
                  "name": "USN-3583-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3583-2"
                },
                {
                  "name": "SUSE-SU-2018:0660",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html"
                },
                {
                  "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34",
                  "refsource": "MISC",
                  "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-18017",
        "datePublished": "2018-01-03T06:00:00.000Z",
        "dateReserved": "2018-01-03T00:00:00.000Z",
        "dateUpdated": "2025-01-03T12:04:18.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3281 (GCVE-0-2015-3281)

    Vulnerability from cvelistv5 – Published: 2015-07-06 14:55 – Updated: 2024-08-06 05:39
    VLAI
    Summary
    The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-1741.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.haproxy.org/news.html x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2015-2666.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-2668-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=com… x_refsource_CONFIRM
    http://www.debian.org/security/2015/dsa-3301 vendor-advisoryx_refsource_DEBIAN
    http://www.securityfocus.com/bid/75554 vdb-entryx_refsource_BID
    Date Public
    2015-07-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:39:32.116Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:1741",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-1741.html"
              },
              {
                "name": "openSUSE-SU-2015:1831",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00023.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.haproxy.org/news.html"
              },
              {
                "name": "RHSA-2015:2666",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2666.html"
              },
              {
                "name": "USN-2668-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2668-1"
              },
              {
                "name": "SUSE-SU-2015:1663",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=commit%3Bh=7ec765568883b2d4e5a2796adbeb492a22ec9bd4"
              },
              {
                "name": "DSA-3301",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3301"
              },
              {
                "name": "75554",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/75554"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-07-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-23T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:1741",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1741.html"
            },
            {
              "name": "openSUSE-SU-2015:1831",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00023.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.haproxy.org/news.html"
            },
            {
              "name": "RHSA-2015:2666",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2666.html"
            },
            {
              "name": "USN-2668-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2668-1"
            },
            {
              "name": "SUSE-SU-2015:1663",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=commit%3Bh=7ec765568883b2d4e5a2796adbeb492a22ec9bd4"
            },
            {
              "name": "DSA-3301",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3301"
            },
            {
              "name": "75554",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/75554"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-3281",
        "datePublished": "2015-07-06T14:55:00.000Z",
        "dateReserved": "2015-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:39:32.116Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-1739 (GCVE-0-2014-1739)

    Vulnerability from cvelistv5 – Published: 2014-06-23 10:00 – Updated: 2024-08-06 09:50
    VLAI
    Summary
    The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-06-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:50:11.338Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-2263-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2263-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1109774"
              },
              {
                "name": "SUSE-SU-2014:1316",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
              },
              {
                "name": "[oss-security] 20140615 CVE-2014-1739: Kernel Infoleak vulnerability in,media_enum_entities()",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/06/15/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/2017-04-01"
              },
              {
                "name": "USN-2261-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2261-1"
              },
              {
                "name": "USN-2264-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2264-1"
              },
              {
                "name": "68048",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/68048"
              },
              {
                "name": "SUSE-SU-2014:1319",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e6a623460e5fc960ac3ee9f946d3106233fd28d8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.6"
              },
              {
                "name": "USN-2259-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2259-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/e6a623460e5fc960ac3ee9f946d3106233fd28d8"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://speirofr.appspot.com/cve-2014-1739-kernel-infoleak-vulnerability-in-media_enum_entities.html"
              },
              {
                "name": "59597",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59597"
              },
              {
                "name": "1038201",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038201"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-20T19:57:01.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "name": "USN-2263-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2263-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1109774"
            },
            {
              "name": "SUSE-SU-2014:1316",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
            },
            {
              "name": "[oss-security] 20140615 CVE-2014-1739: Kernel Infoleak vulnerability in,media_enum_entities()",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/06/15/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/2017-04-01"
            },
            {
              "name": "USN-2261-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2261-1"
            },
            {
              "name": "USN-2264-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2264-1"
            },
            {
              "name": "68048",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/68048"
            },
            {
              "name": "SUSE-SU-2014:1319",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e6a623460e5fc960ac3ee9f946d3106233fd28d8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.6"
            },
            {
              "name": "USN-2259-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2259-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/e6a623460e5fc960ac3ee9f946d3106233fd28d8"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://speirofr.appspot.com/cve-2014-1739-kernel-infoleak-vulnerability-in-media_enum_entities.html"
            },
            {
              "name": "59597",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59597"
            },
            {
              "name": "1038201",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038201"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2014-1739",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-2263-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2263-1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1109774",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1109774"
                },
                {
                  "name": "SUSE-SU-2014:1316",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
                },
                {
                  "name": "[oss-security] 20140615 CVE-2014-1739: Kernel Infoleak vulnerability in,media_enum_entities()",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/06/15/1"
                },
                {
                  "name": "https://source.android.com/security/bulletin/2017-04-01",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/2017-04-01"
                },
                {
                  "name": "USN-2261-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2261-1"
                },
                {
                  "name": "USN-2264-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2264-1"
                },
                {
                  "name": "68048",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/68048"
                },
                {
                  "name": "SUSE-SU-2014:1319",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
                },
                {
                  "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e6a623460e5fc960ac3ee9f946d3106233fd28d8",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e6a623460e5fc960ac3ee9f946d3106233fd28d8"
                },
                {
                  "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.6",
                  "refsource": "CONFIRM",
                  "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.6"
                },
                {
                  "name": "USN-2259-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2259-1"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/e6a623460e5fc960ac3ee9f946d3106233fd28d8",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/e6a623460e5fc960ac3ee9f946d3106233fd28d8"
                },
                {
                  "name": "http://speirofr.appspot.com/cve-2014-1739-kernel-infoleak-vulnerability-in-media_enum_entities.html",
                  "refsource": "MISC",
                  "url": "http://speirofr.appspot.com/cve-2014-1739-kernel-infoleak-vulnerability-in-media_enum_entities.html"
                },
                {
                  "name": "59597",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59597"
                },
                {
                  "name": "1038201",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038201"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2014-1739",
        "datePublished": "2014-06-23T10:00:00.000Z",
        "dateReserved": "2014-01-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:50:11.338Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-4027 (GCVE-0-2014-4027)

    Vulnerability from cvelistv5 – Published: 2014-06-23 10:00 – Updated: 2024-08-06 11:04
    VLAI
    Summary
    The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/59134 third-party-advisoryx_refsource_SECUNIA
    https://support.f5.com/kb/en-us/solutions/public/… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=1108744 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2335-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2334-1 vendor-advisoryx_refsource_UBUNTU
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/60564 third-party-advisoryx_refsource_SECUNIA
    https://github.com/torvalds/linux/commit/4442dc8a… x_refsource_CONFIRM
    http://secunia.com/advisories/59777 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/61310 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2014/06/11/1 mailing-listx_refsource_MLIST
    http://permalink.gmane.org/gmane.linux.scsi.targe… mailing-listx_refsource_MLIST
    Date Public
    2014-06-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:04:27.539Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2014:1316",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
              },
              {
                "name": "59134",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59134"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108744"
              },
              {
                "name": "USN-2335-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2335-1"
              },
              {
                "name": "USN-2334-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2334-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"
              },
              {
                "name": "SUSE-SU-2014:1319",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
              },
              {
                "name": "60564",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60564"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"
              },
              {
                "name": "59777",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59777"
              },
              {
                "name": "61310",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61310"
              },
              {
                "name": "[oss-security] 20140611 Re: CVE request: Linux kernel / target information leak",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/06/11/1"
              },
              {
                "name": "[target-devel] 20140616 [PATCH] target: Explicitly clear ramdisk_mcp backend pages",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-01-05T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2014:1316",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
            },
            {
              "name": "59134",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59134"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108744"
            },
            {
              "name": "USN-2335-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2335-1"
            },
            {
              "name": "USN-2334-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2334-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"
            },
            {
              "name": "SUSE-SU-2014:1319",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
            },
            {
              "name": "60564",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60564"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"
            },
            {
              "name": "59777",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59777"
            },
            {
              "name": "61310",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61310"
            },
            {
              "name": "[oss-security] 20140611 Re: CVE request: Linux kernel / target information leak",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/06/11/1"
            },
            {
              "name": "[target-devel] 20140616 [PATCH] target: Explicitly clear ramdisk_mcp backend pages",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-4027",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2014:1316",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
                },
                {
                  "name": "59134",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59134"
                },
                {
                  "name": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1108744",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108744"
                },
                {
                  "name": "USN-2335-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2335-1"
                },
                {
                  "name": "USN-2334-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2334-1"
                },
                {
                  "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"
                },
                {
                  "name": "SUSE-SU-2014:1319",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
                },
                {
                  "name": "60564",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60564"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"
                },
                {
                  "name": "59777",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59777"
                },
                {
                  "name": "61310",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61310"
                },
                {
                  "name": "[oss-security] 20140611 Re: CVE request: Linux kernel / target information leak",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/06/11/1"
                },
                {
                  "name": "[target-devel] 20140616 [PATCH] target: Explicitly clear ramdisk_mcp backend pages",
                  "refsource": "MLIST",
                  "url": "http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-4027",
        "datePublished": "2014-06-23T10:00:00.000Z",
        "dateReserved": "2014-06-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:04:27.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3153 (GCVE-0-2014-3153)

    Vulnerability from cvelistv5 – Published: 2014-06-07 14:00 – Updated: 2025-10-22 00:05
    VLAI CISA KEVIntel
    Summary
    The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/67906 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://openwall.com/lists/oss-security/2014/06/05/24 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/59029 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-2949 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/59262 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/58990 third-party-advisoryx_refsource_SECUNIA
    https://git.kernel.org/cgit/linux/kernel/git/torv… x_refsource_CONFIRM
    https://git.kernel.org/cgit/linux/kernel/git/torv… x_refsource_CONFIRM
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    http://linux.oracle.com/errata/ELSA-2014-3037.html x_refsource_CONFIRM
    http://secunia.com/advisories/59153 third-party-advisoryx_refsource_SECUNIA
    http://openwall.com/lists/oss-security/2014/06/06/20 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/59309 third-party-advisoryx_refsource_SECUNIA
    https://github.com/torvalds/linux/commit/e9c243a5… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1030451 vdb-entryx_refsource_SECTRACK
    http://linux.oracle.com/errata/ELSA-2014-0771.html x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2014-0800.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-2237-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://linux.oracle.com/errata/ELSA-2014-3039.html x_refsource_CONFIRM
    https://git.kernel.org/cgit/linux/kernel/git/torv… x_refsource_CONFIRM
    http://secunia.com/advisories/58500 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/USN-2240-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=1103626 x_refsource_CONFIRM
    http://secunia.com/advisories/59386 third-party-advisoryx_refsource_SECUNIA
    http://www.exploit-db.com/exploits/35370 exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/59599 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2014/0… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/59092 third-party-advisoryx_refsource_SECUNIA
    http://linux.oracle.com/errata/ELSA-2014-3038.html x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2021/02/01/4 mailing-listx_refsource_MLIST
    https://www.openwall.com/lists/oss-security/2021/… x_refsource_MISC
    https://elongl.github.io/exploitation/2021/01/08/… x_refsource_MISC
    https://github.com/elongl/CVE-2014-3153 x_refsource_MISC
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    Date Public
    2014-06-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:35:56.633Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "67906",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/67906"
              },
              {
                "name": "openSUSE-SU-2014:0878",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html"
              },
              {
                "name": "[oss-security] 20140605 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2014/06/05/24"
              },
              {
                "name": "59029",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59029"
              },
              {
                "name": "DSA-2949",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2949"
              },
              {
                "name": "SUSE-SU-2014:1316",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
              },
              {
                "name": "SUSE-SU-2014:0796",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html"
              },
              {
                "name": "59262",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59262"
              },
              {
                "name": "58990",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/58990"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-3037.html"
              },
              {
                "name": "59153",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59153"
              },
              {
                "name": "[oss-security] 20140606 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2014/06/06/20"
              },
              {
                "name": "59309",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59309"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8"
              },
              {
                "name": "1030451",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1030451"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
              },
              {
                "name": "SUSE-SU-2014:0775",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html"
              },
              {
                "name": "RHSA-2014:0800",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
              },
              {
                "name": "USN-2237-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2237-1"
              },
              {
                "name": "SUSE-SU-2014:1319",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-3039.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270"
              },
              {
                "name": "58500",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/58500"
              },
              {
                "name": "USN-2240-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2240-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626"
              },
              {
                "name": "59386",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59386"
              },
              {
                "name": "35370",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/35370"
              },
              {
                "name": "59599",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59599"
              },
              {
                "name": "SUSE-SU-2014:0837",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html"
              },
              {
                "name": "[oss-security] 20140605 Linux kernel futex local privilege escalation (CVE-2014-3153)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/06/05/22"
              },
              {
                "name": "59092",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59092"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-3038.html"
              },
              {
                "name": "[oss-security] 20210201 Re: Linux Kernel: local priv escalation via futexes",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/02/01/4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2021/02/01/4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/elongl/CVE-2014-3153"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2014-3153",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-03T14:12:20.309556Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-05-25",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-3153"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-22T00:05:37.360Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-3153"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-05-25T00:00:00.000Z",
                "value": "CVE-2014-3153 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-02T06:37:16.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "name": "67906",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/67906"
            },
            {
              "name": "openSUSE-SU-2014:0878",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html"
            },
            {
              "name": "[oss-security] 20140605 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2014/06/05/24"
            },
            {
              "name": "59029",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59029"
            },
            {
              "name": "DSA-2949",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2949"
            },
            {
              "name": "SUSE-SU-2014:1316",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
            },
            {
              "name": "SUSE-SU-2014:0796",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html"
            },
            {
              "name": "59262",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59262"
            },
            {
              "name": "58990",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/58990"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e9c243a5a6de0be8e584c604d353412584b592f8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-3037.html"
            },
            {
              "name": "59153",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59153"
            },
            {
              "name": "[oss-security] 20140606 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2014/06/06/20"
            },
            {
              "name": "59309",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59309"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8"
            },
            {
              "name": "1030451",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1030451"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
            },
            {
              "name": "SUSE-SU-2014:0775",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html"
            },
            {
              "name": "RHSA-2014:0800",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
            },
            {
              "name": "USN-2237-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2237-1"
            },
            {
              "name": "SUSE-SU-2014:1319",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-3039.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270"
            },
            {
              "name": "58500",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/58500"
            },
            {
              "name": "USN-2240-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2240-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626"
            },
            {
              "name": "59386",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59386"
            },
            {
              "name": "35370",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/35370"
            },
            {
              "name": "59599",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59599"
            },
            {
              "name": "SUSE-SU-2014:0837",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html"
            },
            {
              "name": "[oss-security] 20140605 Linux kernel futex local privilege escalation (CVE-2014-3153)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/06/05/22"
            },
            {
              "name": "59092",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59092"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-3038.html"
            },
            {
              "name": "[oss-security] 20210201 Re: Linux Kernel: local priv escalation via futexes",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/02/01/4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2021/02/01/4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/elongl/CVE-2014-3153"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "chrome-cve-admin@google.com",
              "ID": "CVE-2014-3153",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "67906",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/67906"
                },
                {
                  "name": "openSUSE-SU-2014:0878",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html"
                },
                {
                  "name": "[oss-security] 20140605 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2014/06/05/24"
                },
                {
                  "name": "59029",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59029"
                },
                {
                  "name": "DSA-2949",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2949"
                },
                {
                  "name": "SUSE-SU-2014:1316",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
                },
                {
                  "name": "SUSE-SU-2014:0796",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html"
                },
                {
                  "name": "59262",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59262"
                },
                {
                  "name": "58990",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/58990"
                },
                {
                  "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e",
                  "refsource": "CONFIRM",
                  "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e"
                },
                {
                  "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339",
                  "refsource": "CONFIRM",
                  "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339"
                },
                {
                  "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e9c243a5a6de0be8e584c604d353412584b592f8",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e9c243a5a6de0be8e584c604d353412584b592f8"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-3037.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-3037.html"
                },
                {
                  "name": "59153",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59153"
                },
                {
                  "name": "[oss-security] 20140606 Re: Linux kernel futex local privilege escalation (CVE-2014-3153)",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2014/06/06/20"
                },
                {
                  "name": "59309",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59309"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8"
                },
                {
                  "name": "1030451",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1030451"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-0771.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
                },
                {
                  "name": "SUSE-SU-2014:0775",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html"
                },
                {
                  "name": "RHSA-2014:0800",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
                },
                {
                  "name": "USN-2237-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2237-1"
                },
                {
                  "name": "SUSE-SU-2014:1319",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-3039.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-3039.html"
                },
                {
                  "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270",
                  "refsource": "CONFIRM",
                  "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270"
                },
                {
                  "name": "58500",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/58500"
                },
                {
                  "name": "USN-2240-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2240-1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103626"
                },
                {
                  "name": "59386",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59386"
                },
                {
                  "name": "35370",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/35370"
                },
                {
                  "name": "59599",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59599"
                },
                {
                  "name": "SUSE-SU-2014:0837",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html"
                },
                {
                  "name": "[oss-security] 20140605 Linux kernel futex local privilege escalation (CVE-2014-3153)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/06/05/22"
                },
                {
                  "name": "59092",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59092"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-3038.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-3038.html"
                },
                {
                  "name": "[oss-security] 20210201 Re: Linux Kernel: local priv escalation via futexes",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/02/01/4"
                },
                {
                  "name": "https://www.openwall.com/lists/oss-security/2021/02/01/4",
                  "refsource": "MISC",
                  "url": "https://www.openwall.com/lists/oss-security/2021/02/01/4"
                },
                {
                  "name": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html",
                  "refsource": "MISC",
                  "url": "https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html"
                },
                {
                  "name": "https://github.com/elongl/CVE-2014-3153",
                  "refsource": "MISC",
                  "url": "https://github.com/elongl/CVE-2014-3153"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2014-3153",
        "datePublished": "2014-06-07T14:00:00.000Z",
        "dateReserved": "2014-05-03T00:00:00.000Z",
        "dateUpdated": "2025-10-22T00:05:37.360Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3467 (GCVE-0-2014-3467)

    Vulnerability from cvelistv5 – Published: 2014-06-05 20:00 – Updated: 2024-08-06 10:43
    VLAI
    Summary
    Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/60320 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-3056 vendor-advisoryx_refsource_DEBIAN
    http://www.novell.com/support/kb/doc.php?id=7015302 x_refsource_CONFIRM
    http://secunia.com/advisories/59057 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://support.f5.com/kb/en-us/solutions/public/1… x_refsource_CONFIRM
    http://linux.oracle.com/errata/ELSA-2014-0596.html x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/59021 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/61888 third-party-advisoryx_refsource_SECUNIA
    http://advisories.mageia.org/MGASA-2014-0247.html x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-0815.html vendor-advisoryx_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2014-0596.html vendor-advisoryx_refsource_REDHAT
    http://lists.gnu.org/archive/html/help-libtasn1/2… mailing-listx_refsource_MLIST
    http://www.novell.com/support/kb/doc.php?id=7015303 x_refsource_CONFIRM
    http://linux.oracle.com/errata/ELSA-2014-0594.html x_refsource_CONFIRM
    http://secunia.com/advisories/58591 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2014-0687.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/58614 third-party-advisoryx_refsource_SECUNIA
    https://bugzilla.redhat.com/show_bug.cgi?id=1102022 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2014-0594.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/60415 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/59408 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2014-05-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:43:06.499Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "60320",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60320"
              },
              {
                "name": "DSA-3056",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3056"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=7015302"
              },
              {
                "name": "59057",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59057"
              },
              {
                "name": "SUSE-SU-2014:0758",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
              },
              {
                "name": "MDVSA-2015:116",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
              },
              {
                "name": "59021",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59021"
              },
              {
                "name": "61888",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61888"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0247.html"
              },
              {
                "name": "RHSA-2014:0815",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
              },
              {
                "name": "RHSA-2014:0596",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
              },
              {
                "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=7015303"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
              },
              {
                "name": "58591",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/58591"
              },
              {
                "name": "RHSA-2014:0687",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
              },
              {
                "name": "58614",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/58614"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022"
              },
              {
                "name": "SUSE-SU-2014:0788",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
              },
              {
                "name": "RHSA-2014:0594",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
              },
              {
                "name": "60415",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60415"
              },
              {
                "name": "59408",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59408"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-28T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "60320",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60320"
            },
            {
              "name": "DSA-3056",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3056"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=7015302"
            },
            {
              "name": "59057",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59057"
            },
            {
              "name": "SUSE-SU-2014:0758",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
            },
            {
              "name": "MDVSA-2015:116",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
            },
            {
              "name": "59021",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59021"
            },
            {
              "name": "61888",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61888"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0247.html"
            },
            {
              "name": "RHSA-2014:0815",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
            },
            {
              "name": "RHSA-2014:0596",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
            },
            {
              "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=7015303"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
            },
            {
              "name": "58591",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/58591"
            },
            {
              "name": "RHSA-2014:0687",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
            },
            {
              "name": "58614",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/58614"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022"
            },
            {
              "name": "SUSE-SU-2014:0788",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
            },
            {
              "name": "RHSA-2014:0594",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
            },
            {
              "name": "60415",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60415"
            },
            {
              "name": "59408",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59408"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2014-3467",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "60320",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60320"
                },
                {
                  "name": "DSA-3056",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3056"
                },
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=7015302",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=7015302"
                },
                {
                  "name": "59057",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59057"
                },
                {
                  "name": "SUSE-SU-2014:0758",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
                },
                {
                  "name": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html",
                  "refsource": "CONFIRM",
                  "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-0596.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
                },
                {
                  "name": "MDVSA-2015:116",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
                },
                {
                  "name": "59021",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59021"
                },
                {
                  "name": "61888",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61888"
                },
                {
                  "name": "http://advisories.mageia.org/MGASA-2014-0247.html",
                  "refsource": "CONFIRM",
                  "url": "http://advisories.mageia.org/MGASA-2014-0247.html"
                },
                {
                  "name": "RHSA-2014:0815",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
                },
                {
                  "name": "RHSA-2014:0596",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
                },
                {
                  "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
                  "refsource": "MLIST",
                  "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
                },
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=7015303",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=7015303"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-0594.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
                },
                {
                  "name": "58591",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/58591"
                },
                {
                  "name": "RHSA-2014:0687",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
                },
                {
                  "name": "58614",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/58614"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022"
                },
                {
                  "name": "SUSE-SU-2014:0788",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
                },
                {
                  "name": "RHSA-2014:0594",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
                },
                {
                  "name": "60415",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60415"
                },
                {
                  "name": "59408",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59408"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3467",
        "datePublished": "2014-06-05T20:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:43:06.499Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3468 (GCVE-0-2014-3468)

    Vulnerability from cvelistv5 – Published: 2014-06-05 20:00 – Updated: 2024-08-06 10:43
    VLAI
    Summary
    The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/60320 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-3056 vendor-advisoryx_refsource_DEBIAN
    http://git.savannah.gnu.org/cgit/libtasn1.git/com… x_refsource_CONFIRM
    http://www.novell.com/support/kb/doc.php?id=7015302 x_refsource_CONFIRM
    http://secunia.com/advisories/59057 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://support.f5.com/kb/en-us/solutions/public/1… x_refsource_CONFIRM
    http://linux.oracle.com/errata/ELSA-2014-0596.html x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/59021 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/61888 third-party-advisoryx_refsource_SECUNIA
    http://advisories.mageia.org/MGASA-2014-0247.html x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-0815.html vendor-advisoryx_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2014-0596.html vendor-advisoryx_refsource_REDHAT
    http://lists.gnu.org/archive/html/help-libtasn1/2… mailing-listx_refsource_MLIST
    http://www.novell.com/support/kb/doc.php?id=7015303 x_refsource_CONFIRM
    http://linux.oracle.com/errata/ELSA-2014-0594.html x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=1102323 x_refsource_CONFIRM
    http://secunia.com/advisories/58591 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2014-0687.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/58614 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2014-0594.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/60415 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/59408 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2014-05-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:43:06.299Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "60320",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60320"
              },
              {
                "name": "DSA-3056",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3056"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=7015302"
              },
              {
                "name": "59057",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59057"
              },
              {
                "name": "SUSE-SU-2014:0758",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
              },
              {
                "name": "MDVSA-2015:116",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
              },
              {
                "name": "59021",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59021"
              },
              {
                "name": "61888",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61888"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0247.html"
              },
              {
                "name": "RHSA-2014:0815",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
              },
              {
                "name": "RHSA-2014:0596",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
              },
              {
                "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=7015303"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323"
              },
              {
                "name": "58591",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/58591"
              },
              {
                "name": "RHSA-2014:0687",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
              },
              {
                "name": "58614",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/58614"
              },
              {
                "name": "SUSE-SU-2014:0788",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
              },
              {
                "name": "RHSA-2014:0594",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
              },
              {
                "name": "60415",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60415"
              },
              {
                "name": "59408",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59408"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-28T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "60320",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60320"
            },
            {
              "name": "DSA-3056",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3056"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=7015302"
            },
            {
              "name": "59057",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59057"
            },
            {
              "name": "SUSE-SU-2014:0758",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
            },
            {
              "name": "MDVSA-2015:116",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
            },
            {
              "name": "59021",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59021"
            },
            {
              "name": "61888",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61888"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0247.html"
            },
            {
              "name": "RHSA-2014:0815",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
            },
            {
              "name": "RHSA-2014:0596",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
            },
            {
              "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=7015303"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323"
            },
            {
              "name": "58591",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/58591"
            },
            {
              "name": "RHSA-2014:0687",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
            },
            {
              "name": "58614",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/58614"
            },
            {
              "name": "SUSE-SU-2014:0788",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
            },
            {
              "name": "RHSA-2014:0594",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
            },
            {
              "name": "60415",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60415"
            },
            {
              "name": "59408",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59408"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2014-3468",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "60320",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60320"
                },
                {
                  "name": "DSA-3056",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3056"
                },
                {
                  "name": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f",
                  "refsource": "CONFIRM",
                  "url": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f"
                },
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=7015302",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=7015302"
                },
                {
                  "name": "59057",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59057"
                },
                {
                  "name": "SUSE-SU-2014:0758",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
                },
                {
                  "name": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html",
                  "refsource": "CONFIRM",
                  "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-0596.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
                },
                {
                  "name": "MDVSA-2015:116",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
                },
                {
                  "name": "59021",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59021"
                },
                {
                  "name": "61888",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61888"
                },
                {
                  "name": "http://advisories.mageia.org/MGASA-2014-0247.html",
                  "refsource": "CONFIRM",
                  "url": "http://advisories.mageia.org/MGASA-2014-0247.html"
                },
                {
                  "name": "RHSA-2014:0815",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
                },
                {
                  "name": "RHSA-2014:0596",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
                },
                {
                  "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
                  "refsource": "MLIST",
                  "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
                },
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=7015303",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=7015303"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-0594.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323"
                },
                {
                  "name": "58591",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/58591"
                },
                {
                  "name": "RHSA-2014:0687",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
                },
                {
                  "name": "58614",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/58614"
                },
                {
                  "name": "SUSE-SU-2014:0788",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
                },
                {
                  "name": "RHSA-2014:0594",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
                },
                {
                  "name": "60415",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60415"
                },
                {
                  "name": "59408",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59408"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3468",
        "datePublished": "2014-06-05T20:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:43:06.299Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3469 (GCVE-0-2014-3469)

    Vulnerability from cvelistv5 – Published: 2014-06-05 20:00 – Updated: 2024-08-06 10:43
    VLAI
    Summary
    The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/60320 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-3056 vendor-advisoryx_refsource_DEBIAN
    http://www.novell.com/support/kb/doc.php?id=7015302 x_refsource_CONFIRM
    http://secunia.com/advisories/59057 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://linux.oracle.com/errata/ELSA-2014-0596.html x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/59021 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/61888 third-party-advisoryx_refsource_SECUNIA
    http://advisories.mageia.org/MGASA-2014-0247.html x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-0815.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=1102329 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-0596.html vendor-advisoryx_refsource_REDHAT
    http://lists.gnu.org/archive/html/help-libtasn1/2… mailing-listx_refsource_MLIST
    http://www.novell.com/support/kb/doc.php?id=7015303 x_refsource_CONFIRM
    http://linux.oracle.com/errata/ELSA-2014-0594.html x_refsource_CONFIRM
    http://secunia.com/advisories/58591 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2014-0687.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/58614 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2014-0594.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/60415 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/59408 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2014-05-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:43:06.230Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "60320",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60320"
              },
              {
                "name": "DSA-3056",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3056"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=7015302"
              },
              {
                "name": "59057",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59057"
              },
              {
                "name": "SUSE-SU-2014:0758",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
              },
              {
                "name": "MDVSA-2015:116",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
              },
              {
                "name": "59021",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59021"
              },
              {
                "name": "61888",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61888"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0247.html"
              },
              {
                "name": "RHSA-2014:0815",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102329"
              },
              {
                "name": "RHSA-2014:0596",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
              },
              {
                "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=7015303"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
              },
              {
                "name": "58591",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/58591"
              },
              {
                "name": "RHSA-2014:0687",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
              },
              {
                "name": "58614",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/58614"
              },
              {
                "name": "SUSE-SU-2014:0788",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
              },
              {
                "name": "RHSA-2014:0594",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
              },
              {
                "name": "60415",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60415"
              },
              {
                "name": "59408",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59408"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-05-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-28T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "60320",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60320"
            },
            {
              "name": "DSA-3056",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3056"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=7015302"
            },
            {
              "name": "59057",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59057"
            },
            {
              "name": "SUSE-SU-2014:0758",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
            },
            {
              "name": "MDVSA-2015:116",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
            },
            {
              "name": "59021",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59021"
            },
            {
              "name": "61888",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61888"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0247.html"
            },
            {
              "name": "RHSA-2014:0815",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102329"
            },
            {
              "name": "RHSA-2014:0596",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
            },
            {
              "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=7015303"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
            },
            {
              "name": "58591",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/58591"
            },
            {
              "name": "RHSA-2014:0687",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
            },
            {
              "name": "58614",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/58614"
            },
            {
              "name": "SUSE-SU-2014:0788",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
            },
            {
              "name": "RHSA-2014:0594",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
            },
            {
              "name": "60415",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60415"
            },
            {
              "name": "59408",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59408"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2014-3469",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "60320",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60320"
                },
                {
                  "name": "DSA-3056",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3056"
                },
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=7015302",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=7015302"
                },
                {
                  "name": "59057",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59057"
                },
                {
                  "name": "SUSE-SU-2014:0758",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-0596.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
                },
                {
                  "name": "MDVSA-2015:116",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
                },
                {
                  "name": "59021",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59021"
                },
                {
                  "name": "61888",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61888"
                },
                {
                  "name": "http://advisories.mageia.org/MGASA-2014-0247.html",
                  "refsource": "CONFIRM",
                  "url": "http://advisories.mageia.org/MGASA-2014-0247.html"
                },
                {
                  "name": "RHSA-2014:0815",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1102329",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102329"
                },
                {
                  "name": "RHSA-2014:0596",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
                },
                {
                  "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
                  "refsource": "MLIST",
                  "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
                },
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=7015303",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=7015303"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-0594.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
                },
                {
                  "name": "58591",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/58591"
                },
                {
                  "name": "RHSA-2014:0687",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
                },
                {
                  "name": "58614",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/58614"
                },
                {
                  "name": "SUSE-SU-2014:0788",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
                },
                {
                  "name": "RHSA-2014:0594",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
                },
                {
                  "name": "60415",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60415"
                },
                {
                  "name": "59408",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59408"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-3469",
        "datePublished": "2014-06-05T20:00:00.000Z",
        "dateReserved": "2014-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:43:06.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-1737 (GCVE-0-2014-1737)

    Vulnerability from cvelistv5 – Published: 2014-05-11 21:00 – Updated: 2024-08-06 09:50
    VLAI
    Summary
    The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/67300 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/59262 third-party-advisoryx_refsource_SECUNIA
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    http://secunia.com/advisories/59309 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/59406 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-2928 vendor-advisoryx_refsource_DEBIAN
    https://bugzilla.redhat.com/show_bug.cgi?id=1094299 x_refsource_CONFIRM
    http://linux.oracle.com/errata/ELSA-2014-0771.html x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-0800.html vendor-advisoryx_refsource_REDHAT
    http://www.openwall.com/lists/oss-security/2014/05/09/2 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/59599 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-2926 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securitytracker.com/id/1030474 vdb-entryx_refsource_SECTRACK
    http://linux.oracle.com/errata/ELSA-2014-3043.html x_refsource_CONFIRM
    https://github.com/torvalds/linux/commit/ef87dbe7… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-0801.html vendor-advisoryx_refsource_REDHAT
    Date Public
    2014-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:50:11.078Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "67300",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/67300"
              },
              {
                "name": "SUSE-SU-2014:0683",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"
              },
              {
                "name": "59262",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59262"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"
              },
              {
                "name": "59309",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59309"
              },
              {
                "name": "59406",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59406"
              },
              {
                "name": "DSA-2928",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2928"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
              },
              {
                "name": "RHSA-2014:0800",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
              },
              {
                "name": "[oss-security] 20140509 Linux kernel floppy ioctl kernel code execution",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2"
              },
              {
                "name": "59599",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59599"
              },
              {
                "name": "DSA-2926",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2926"
              },
              {
                "name": "SUSE-SU-2014:0667",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"
              },
              {
                "name": "1030474",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1030474"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"
              },
              {
                "name": "RHSA-2014:0801",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-20T19:57:01.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "name": "67300",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/67300"
            },
            {
              "name": "SUSE-SU-2014:0683",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"
            },
            {
              "name": "59262",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59262"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"
            },
            {
              "name": "59309",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59309"
            },
            {
              "name": "59406",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59406"
            },
            {
              "name": "DSA-2928",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2928"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
            },
            {
              "name": "RHSA-2014:0800",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
            },
            {
              "name": "[oss-security] 20140509 Linux kernel floppy ioctl kernel code execution",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2"
            },
            {
              "name": "59599",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59599"
            },
            {
              "name": "DSA-2926",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2926"
            },
            {
              "name": "SUSE-SU-2014:0667",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"
            },
            {
              "name": "1030474",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1030474"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"
            },
            {
              "name": "RHSA-2014:0801",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2014-1737",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "67300",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/67300"
                },
                {
                  "name": "SUSE-SU-2014:0683",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"
                },
                {
                  "name": "59262",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59262"
                },
                {
                  "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"
                },
                {
                  "name": "59309",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59309"
                },
                {
                  "name": "59406",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59406"
                },
                {
                  "name": "DSA-2928",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2928"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-0771.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
                },
                {
                  "name": "RHSA-2014:0800",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
                },
                {
                  "name": "[oss-security] 20140509 Linux kernel floppy ioctl kernel code execution",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2"
                },
                {
                  "name": "59599",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59599"
                },
                {
                  "name": "DSA-2926",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2926"
                },
                {
                  "name": "SUSE-SU-2014:0667",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"
                },
                {
                  "name": "1030474",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1030474"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-3043.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"
                },
                {
                  "name": "RHSA-2014:0801",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2014-1737",
        "datePublished": "2014-05-11T21:00:00.000Z",
        "dateReserved": "2014-01-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:50:11.078Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-1738 (GCVE-0-2014-1738)

    Vulnerability from cvelistv5 – Published: 2014-05-11 21:00 – Updated: 2024-08-06 09:50
    VLAI
    Summary
    The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/67302 vdb-entryx_refsource_BID
    http://secunia.com/advisories/59262 third-party-advisoryx_refsource_SECUNIA
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    http://secunia.com/advisories/59309 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/59406 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-2928 vendor-advisoryx_refsource_DEBIAN
    https://bugzilla.redhat.com/show_bug.cgi?id=1094299 x_refsource_CONFIRM
    http://linux.oracle.com/errata/ELSA-2014-0771.html x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-0800.html vendor-advisoryx_refsource_REDHAT
    http://www.openwall.com/lists/oss-security/2014/05/09/2 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/59599 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-2926 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://github.com/torvalds/linux/commit/2145e15e… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1030474 vdb-entryx_refsource_SECTRACK
    http://linux.oracle.com/errata/ELSA-2014-3043.html x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2014-0801.html vendor-advisoryx_refsource_REDHAT
    Date Public
    2014-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:50:11.164Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2014:0683",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"
              },
              {
                "name": "67302",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/67302"
              },
              {
                "name": "59262",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59262"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2145e15e0557a01b9195d1c7199a1b92cb9be81f"
              },
              {
                "name": "59309",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59309"
              },
              {
                "name": "59406",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59406"
              },
              {
                "name": "DSA-2928",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2928"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
              },
              {
                "name": "RHSA-2014:0800",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
              },
              {
                "name": "[oss-security] 20140509 Linux kernel floppy ioctl kernel code execution",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2"
              },
              {
                "name": "59599",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59599"
              },
              {
                "name": "DSA-2926",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2926"
              },
              {
                "name": "SUSE-SU-2014:0667",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f"
              },
              {
                "name": "1030474",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1030474"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"
              },
              {
                "name": "RHSA-2014:0801",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-20T19:57:01.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "name": "SUSE-SU-2014:0683",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"
            },
            {
              "name": "67302",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/67302"
            },
            {
              "name": "59262",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59262"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2145e15e0557a01b9195d1c7199a1b92cb9be81f"
            },
            {
              "name": "59309",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59309"
            },
            {
              "name": "59406",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59406"
            },
            {
              "name": "DSA-2928",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2928"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
            },
            {
              "name": "RHSA-2014:0800",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
            },
            {
              "name": "[oss-security] 20140509 Linux kernel floppy ioctl kernel code execution",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2"
            },
            {
              "name": "59599",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59599"
            },
            {
              "name": "DSA-2926",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2926"
            },
            {
              "name": "SUSE-SU-2014:0667",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f"
            },
            {
              "name": "1030474",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1030474"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"
            },
            {
              "name": "RHSA-2014:0801",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2014-1738",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2014:0683",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"
                },
                {
                  "name": "67302",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/67302"
                },
                {
                  "name": "59262",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59262"
                },
                {
                  "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2145e15e0557a01b9195d1c7199a1b92cb9be81f",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2145e15e0557a01b9195d1c7199a1b92cb9be81f"
                },
                {
                  "name": "59309",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59309"
                },
                {
                  "name": "59406",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59406"
                },
                {
                  "name": "DSA-2928",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2928"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-0771.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
                },
                {
                  "name": "RHSA-2014:0800",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
                },
                {
                  "name": "[oss-security] 20140509 Linux kernel floppy ioctl kernel code execution",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2"
                },
                {
                  "name": "59599",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59599"
                },
                {
                  "name": "DSA-2926",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2926"
                },
                {
                  "name": "SUSE-SU-2014:0667",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f"
                },
                {
                  "name": "1030474",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1030474"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-3043.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"
                },
                {
                  "name": "RHSA-2014:0801",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2014-1738",
        "datePublished": "2014-05-11T21:00:00.000Z",
        "dateReserved": "2014-01-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:50:11.164Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-2706 (GCVE-0-2014-2706)

    Vulnerability from cvelistv5 – Published: 2014-04-14 23:00 – Updated: 2024-08-06 10:21
    VLAI
    Summary
    Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-02-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:21:36.015Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SU-2014:1316",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/2017-04-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-3052.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1083512"
              },
              {
                "name": "60613",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60613"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.kernel.org/show_bug.cgi?id=70551#c18"
              },
              {
                "name": "SUSE-SU-2014:1319",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1d147bfa64293b2723c4fec50922168658e613ba"
              },
              {
                "name": "[oss-security] 20140401 Re: CVE request: Linux Kernel, two security issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/04/01/8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/1d147bfa64293b2723c4fec50922168658e613ba"
              },
              {
                "name": "66591",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/66591"
              },
              {
                "name": "1038201",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038201"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-02-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SU-2014:1316",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/2017-04-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-3052.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1083512"
            },
            {
              "name": "60613",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60613"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.kernel.org/show_bug.cgi?id=70551#c18"
            },
            {
              "name": "SUSE-SU-2014:1319",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1d147bfa64293b2723c4fec50922168658e613ba"
            },
            {
              "name": "[oss-security] 20140401 Re: CVE request: Linux Kernel, two security issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/04/01/8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/1d147bfa64293b2723c4fec50922168658e613ba"
            },
            {
              "name": "66591",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/66591"
            },
            {
              "name": "1038201",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038201"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-2706",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SU-2014:1316",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
                },
                {
                  "name": "https://source.android.com/security/bulletin/2017-04-01",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/2017-04-01"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-3052.html",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-3052.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1083512",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1083512"
                },
                {
                  "name": "60613",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60613"
                },
                {
                  "name": "https://bugzilla.kernel.org/show_bug.cgi?id=70551#c18",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.kernel.org/show_bug.cgi?id=70551#c18"
                },
                {
                  "name": "SUSE-SU-2014:1319",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
                },
                {
                  "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1d147bfa64293b2723c4fec50922168658e613ba",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1d147bfa64293b2723c4fec50922168658e613ba"
                },
                {
                  "name": "[oss-security] 20140401 Re: CVE request: Linux Kernel, two security issues",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/04/01/8"
                },
                {
                  "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7",
                  "refsource": "CONFIRM",
                  "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/1d147bfa64293b2723c4fec50922168658e613ba",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/1d147bfa64293b2723c4fec50922168658e613ba"
                },
                {
                  "name": "66591",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/66591"
                },
                {
                  "name": "1038201",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038201"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-2706",
        "datePublished": "2014-04-14T23:00:00.000Z",
        "dateReserved": "2014-04-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:21:36.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-2323 (GCVE-0-2014-2323)

    Vulnerability from cvelistv5 – Published: 2014-03-14 15:00 – Updated: 2024-08-06 10:06
    VLAI
    Summary
    SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.lighttpd.net/2014/3/12/1.4.35/ x_refsource_CONFIRM
    http://download.lighttpd.net/lighttpd/security/li… x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-2877 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/57514 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=141576815022399&w=2 vendor-advisoryx_refsource_HP
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/57404 third-party-advisoryx_refsource_SECUNIA
    http://seclists.org/oss-sec/2014/q1/564 mailing-listx_refsource_MLIST
    http://seclists.org/oss-sec/2014/q1/561 mailing-listx_refsource_MLIST
    http://jvn.jp/en/jp/JVN37417423/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2014-03-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:06:00.483Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.lighttpd.net/2014/3/12/1.4.35/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt"
              },
              {
                "name": "DSA-2877",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2877"
              },
              {
                "name": "openSUSE-SU-2014:0449",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html"
              },
              {
                "name": "57514",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/57514"
              },
              {
                "name": "HPSBGN03191",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
              },
              {
                "name": "openSUSE-SU-2014:0496",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html"
              },
              {
                "name": "SUSE-SU-2014:0474",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html"
              },
              {
                "name": "57404",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/57404"
              },
              {
                "name": "[oss-security] 20140312 Re: lighttpd 1.4.34 SQL injection and path traversal CVE request",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q1/564"
              },
              {
                "name": "[oss-security] 20140312 lighttpd 1.4.34 SQL injection and path traversal CVE request",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q1/561"
              },
              {
                "name": "JVN#37417423",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN37417423/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-03-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-19T04:06:07.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.lighttpd.net/2014/3/12/1.4.35/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt"
            },
            {
              "name": "DSA-2877",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2877"
            },
            {
              "name": "openSUSE-SU-2014:0449",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html"
            },
            {
              "name": "57514",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/57514"
            },
            {
              "name": "HPSBGN03191",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2014:0496",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html"
            },
            {
              "name": "SUSE-SU-2014:0474",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html"
            },
            {
              "name": "57404",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/57404"
            },
            {
              "name": "[oss-security] 20140312 Re: lighttpd 1.4.34 SQL injection and path traversal CVE request",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q1/564"
            },
            {
              "name": "[oss-security] 20140312 lighttpd 1.4.34 SQL injection and path traversal CVE request",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q1/561"
            },
            {
              "name": "JVN#37417423",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN37417423/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-2323",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.lighttpd.net/2014/3/12/1.4.35/",
                  "refsource": "CONFIRM",
                  "url": "http://www.lighttpd.net/2014/3/12/1.4.35/"
                },
                {
                  "name": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt",
                  "refsource": "CONFIRM",
                  "url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt"
                },
                {
                  "name": "DSA-2877",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2877"
                },
                {
                  "name": "openSUSE-SU-2014:0449",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html"
                },
                {
                  "name": "57514",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/57514"
                },
                {
                  "name": "HPSBGN03191",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
                },
                {
                  "name": "openSUSE-SU-2014:0496",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html"
                },
                {
                  "name": "SUSE-SU-2014:0474",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html"
                },
                {
                  "name": "57404",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/57404"
                },
                {
                  "name": "[oss-security] 20140312 Re: lighttpd 1.4.34 SQL injection and path traversal CVE request",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q1/564"
                },
                {
                  "name": "[oss-security] 20140312 lighttpd 1.4.34 SQL injection and path traversal CVE request",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q1/561"
                },
                {
                  "name": "JVN#37417423",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN37417423/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-2323",
        "datePublished": "2014-03-14T15:00:00.000Z",
        "dateReserved": "2014-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:06:00.483Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-2324 (GCVE-0-2014-2324)

    Vulnerability from cvelistv5 – Published: 2014-03-14 15:00 – Updated: 2024-08-06 10:06
    VLAI
    Summary
    Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.lighttpd.net/2014/3/12/1.4.35/ x_refsource_CONFIRM
    http://www.securityfocus.com/bid/66157 vdb-entryx_refsource_BID
    http://download.lighttpd.net/lighttpd/security/li… x_refsource_CONFIRM
    http://www.debian.org/security/2014/dsa-2877 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/57514 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=141576815022399&w=2 vendor-advisoryx_refsource_HP
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/57404 third-party-advisoryx_refsource_SECUNIA
    http://seclists.org/oss-sec/2014/q1/564 mailing-listx_refsource_MLIST
    http://seclists.org/oss-sec/2014/q1/561 mailing-listx_refsource_MLIST
    http://jvn.jp/en/jp/JVN37417423/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2014-03-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:06:00.322Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.lighttpd.net/2014/3/12/1.4.35/"
              },
              {
                "name": "66157",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/66157"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt"
              },
              {
                "name": "DSA-2877",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2877"
              },
              {
                "name": "openSUSE-SU-2014:0449",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html"
              },
              {
                "name": "57514",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/57514"
              },
              {
                "name": "HPSBGN03191",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
              },
              {
                "name": "openSUSE-SU-2014:0496",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html"
              },
              {
                "name": "SUSE-SU-2014:0474",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html"
              },
              {
                "name": "57404",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/57404"
              },
              {
                "name": "[oss-security] 20140312 Re: lighttpd 1.4.34 SQL injection and path traversal CVE request",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q1/564"
              },
              {
                "name": "[oss-security] 20140312 lighttpd 1.4.34 SQL injection and path traversal CVE request",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q1/561"
              },
              {
                "name": "JVN#37417423",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN37417423/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-03-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-19T04:06:10.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.lighttpd.net/2014/3/12/1.4.35/"
            },
            {
              "name": "66157",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/66157"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt"
            },
            {
              "name": "DSA-2877",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2877"
            },
            {
              "name": "openSUSE-SU-2014:0449",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html"
            },
            {
              "name": "57514",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/57514"
            },
            {
              "name": "HPSBGN03191",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2014:0496",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html"
            },
            {
              "name": "SUSE-SU-2014:0474",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html"
            },
            {
              "name": "57404",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/57404"
            },
            {
              "name": "[oss-security] 20140312 Re: lighttpd 1.4.34 SQL injection and path traversal CVE request",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q1/564"
            },
            {
              "name": "[oss-security] 20140312 lighttpd 1.4.34 SQL injection and path traversal CVE request",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q1/561"
            },
            {
              "name": "JVN#37417423",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN37417423/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-2324",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.lighttpd.net/2014/3/12/1.4.35/",
                  "refsource": "CONFIRM",
                  "url": "http://www.lighttpd.net/2014/3/12/1.4.35/"
                },
                {
                  "name": "66157",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/66157"
                },
                {
                  "name": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt",
                  "refsource": "CONFIRM",
                  "url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt"
                },
                {
                  "name": "DSA-2877",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2877"
                },
                {
                  "name": "openSUSE-SU-2014:0449",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html"
                },
                {
                  "name": "57514",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/57514"
                },
                {
                  "name": "HPSBGN03191",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2"
                },
                {
                  "name": "openSUSE-SU-2014:0496",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html"
                },
                {
                  "name": "SUSE-SU-2014:0474",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html"
                },
                {
                  "name": "57404",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/57404"
                },
                {
                  "name": "[oss-security] 20140312 Re: lighttpd 1.4.34 SQL injection and path traversal CVE request",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q1/564"
                },
                {
                  "name": "[oss-security] 20140312 lighttpd 1.4.34 SQL injection and path traversal CVE request",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q1/561"
                },
                {
                  "name": "JVN#37417423",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN37417423/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-2324",
        "datePublished": "2014-03-14T15:00:00.000Z",
        "dateReserved": "2014-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:06:00.322Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3301 (GCVE-0-2013-3301)

    Vulnerability from cvelistv5 – Published: 2013-04-29 10:00 – Updated: 2024-08-06 16:07
    VLAI
    Summary
    The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-04-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:07:37.739Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.8"
              },
              {
                "name": "USN-1834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1834-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/6a76f8c0ab19f215af2a3442870eeb5f0e81998d"
              },
              {
                "name": "RHSA-2013:1051",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-1051.html"
              },
              {
                "name": "SUSE-SU-2013:1473",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"
              },
              {
                "name": "[oss-security] 20130415 CVE request - Linux kernel: tracing NULL pointer dereference",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/04/15/1"
              },
              {
                "name": "USN-1835-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1835-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6a76f8c0ab19f215af2a3442870eeb5f0e81998d"
              },
              {
                "name": "USN-1838-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1838-1"
              },
              {
                "name": "openSUSE-SU-2013:1971",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
              },
              {
                "name": "USN-1836-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1836-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952197"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-02-05T15:57:02.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.8"
            },
            {
              "name": "USN-1834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1834-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/6a76f8c0ab19f215af2a3442870eeb5f0e81998d"
            },
            {
              "name": "RHSA-2013:1051",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1051.html"
            },
            {
              "name": "SUSE-SU-2013:1473",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"
            },
            {
              "name": "[oss-security] 20130415 CVE request - Linux kernel: tracing NULL pointer dereference",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/04/15/1"
            },
            {
              "name": "USN-1835-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1835-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6a76f8c0ab19f215af2a3442870eeb5f0e81998d"
            },
            {
              "name": "USN-1838-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1838-1"
            },
            {
              "name": "openSUSE-SU-2013:1971",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
            },
            {
              "name": "USN-1836-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1836-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952197"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-3301",
        "datePublished": "2013-04-29T10:00:00.000Z",
        "dateReserved": "2013-04-28T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:07:37.739Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }