CVE-2014-3180

Published: 11/6/2019 Last updated: 8/6/2024 Reserved: 5/3/2014

In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable

CNA assigner: Chrome (ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28) Requested by: n/a

Opam packages affected (29)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ortools_solvers orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (2)

Product	Vendor	Version
kernel	Linux	< 5059ea98d7bc133903d3e47ab36df6ed11d0c95f
kernel	Linux	< 566b143aa5112a0c2784e20603778518bb799537

References (8)

https://bugs.chromium.org/p/chromium/issues/detail?id=408827
https://lkml.org/lkml/2014/9/7/29
https://bugs.chromium.org/p/chromium/issues/detail?id=408827
https://lkml.org/lkml/2014/9/7/29
https://bugs.chromium.org/p/chromium/issues/detail?id=408827
https://lkml.org/lkml/2014/9/7/29
https://bugs.chromium.org/p/chromium/issues/detail?id=408827
https://lkml.org/lkml/2014/9/7/29