|Bugzilla:||1096775: CVE-2014-3144 CVE-2014-3145 Kernel: filter: prevent nla extensions to peek beyond the end of the message|
The MITRE CVE dictionary describes this issue as:
The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced.
This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|MRG Grid for RHEL 6 Server v.2 (kernel-rt)||RHSA-2014:0913||July 22, 2014|
|Red Hat Enterprise Linux version 6 (kernel)||RHSA-2014:0981||July 29, 2014|
|Red Hat Enterprise Linux version 7 (kernel)||RHSA-2014:0786||June 24, 2014|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.