CVE-2014-0181

Impact:
Moderate
Public Date:
2014-04-23
Bugzilla:
1094265: CVE-2014-0181 kernel: net: insufficient permision checks of netlink messages
It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process.

Find out more about CVE-2014-0181 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 1.2
Base Metrics AV:L/AC:H/Au:N/C:N/I:P/A:N
Access Vector Local
Access Complexity High
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (kernel) RHSA-2014:1959 2014-12-04
Red Hat Enterprise Linux 6 (kernel) RHSA-2014:1392 2014-10-13
Red Hat Enterprise Linux 7 (kernel) RHSA-2014:1023 2014-08-06
Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt) RHSA-2014:0913 2014-07-22

Acknowledgements

Red Hat would like to thank Andy Lutomirski for reporting this issue.
Last Modified