CVE-2014-9914

Published: 2/7/2017 Last updated: 8/6/2024 Reserved: 12/26/2016

Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets.

CNA assigner: google_android (baff130e-b8d5-4e15-b3d3-c3cf5d5545c6) Requested by: n/a

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (1)

Product	Vendor	Version
n/a	n/a	All versions

References (12)

http://www.securitytracker.com/id/1037798
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9709674e68646cee5a24e3000b3558d25412203a
http://source.android.com/security/bulletin/2017-02-01.html
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
http://www.securityfocus.com/bid/96100
https://github.com/torvalds/linux/commit/9709674e68646cee5a24e3000b3558d25412203a
http://www.securitytracker.com/id/1037798
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9709674e68646cee5a24e3000b3558d25412203a
http://source.android.com/security/bulletin/2017-02-01.html
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
http://www.securityfocus.com/bid/96100
https://github.com/torvalds/linux/commit/9709674e68646cee5a24e3000b3558d25412203a