CVE-2014-2851 kernel: net: ping: refcount issue in ping_init_sock() function

Solution Unverified - Updated -

Issue

The MITRE CVE dictionary, which is external to Red Hat, describes this issue as follows:

Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.

More detail related to this CVE can be found under the following external resources, from the MITRE CVE dictionary and NIST NVD. Please note, as these URLs are external to Red Hat, we cannot validate the contents.

Environment

  • Red Hat Enterprise Linux (RHEL) 6
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise MRG 2

Please note: this issue does not affect Linux kernel packages as shipped with Red Hat Enterprise Linux 5.
