CVE-2014-4943

Published Jul 19, 2014

Last updated 3 months ago

CVSS info 6.9

Overview

Description: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-269

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EE231C1-9704-48DF-A69C-D7D54025D1FE",
            "versionEndExcluding": "3.2.62",
            "versionStartIncluding": "2.6.23"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15D06E25-126B-41A6-B67F-CBB01FE38B65",
            "versionEndExcluding": "3.4.102",
            "versionStartIncluding": "3.3"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E587850-EE7E-4854-9233-D0661A9B6FDC",
            "versionEndExcluding": "3.10.52",
            "versionStartIncluding": "3.5"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "958A3619-3689-4544-8F01-6354F9883892",
            "versionEndExcluding": "3.12.27",
            "versionStartIncluding": "3.11"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "342BFE02-0C37-49C8-AC2D-EE3CB8F83D4B",
            "versionEndExcluding": "3.14.16",
            "versionStartIncluding": "3.13"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32F9A8B9-E6E9-4C19-8AEE-3F5A6980E1C5",
            "versionEndExcluding": "3.15.9",
            "versionStartIncluding": "3.15"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B072472-B463-4647-885D-E40B0115C810"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD6D0378-F0F4-4AAA-80AF-8287C790EC96"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References