CVE-2014-6417
Published Sep 28, 2014
Last updated a year ago
Overview
- Description
- net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:C
Weaknesses
- nvd@nist.gov
- CWE-399
Social media
- Hype score
- Not currently trending
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "646008CC-82A3-42AD-A833-94B1D195BA73", "versionEndExcluding": "3.4.105" }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "093BBE75-4634-4D07-9EEB-7B7054AE3B6C", "versionEndExcluding": "3.10.55", "versionStartIncluding": "3.5" }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBF71F21-E234-4CDD-87E7-D0F9ADDEFAD3", "versionEndExcluding": "3.12.29", "versionStartIncluding": "3.11" }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC374559-3F85-41BF-A19D-10E2C20A83F1", "versionEndExcluding": "3.14.19", "versionStartIncluding": "3.13" }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED968306-E23D-47D4-A2D0-533309AE355C", "versionEndExcluding": "3.16.3", "versionStartIncluding": "3.15" } ], "operator": "OR" } ] } ]