CVE-2014-3631

Related Files

Linux CVE-2014-3631 Proof Of Concept

Posted Mar 2, 2015

Authored by Emeric Nasi

The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.

tags | exploit, denial of service, kernel, local

systems | linux

advisories | CVE-2014-3631

SHA-256 | aa1298ddf2533503468e7415c2de8808d48b8fac52f00905dd6dbef860a455f8

Download | Favorite | View

Red Hat Security Advisory 2014-1971-01

Posted Dec 9, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1971-01 - A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks. A remote attacker could use either of these flaws to crash the system. A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.

tags | advisory, remote, denial of service, kernel

systems | linux, redhat

advisories | CVE-2013-2929, CVE-2014-1739, CVE-2014-3181, CVE-2014-3182, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186, CVE-2014-3631, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-4027, CVE-2014-4652, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-5045, CVE-2014-6410

SHA-256 | 259b2a7a6414f480013fd35c56afb4dd38c3314536fa54e70f0ac1b44239b896

Download | Favorite | View

Ubuntu Security Notice USN-2379-1

Posted Oct 9, 2014

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2379-1 - Steven Vittitoe reported multiple stack buffer overflows in Linux kernel's magicmouse HID driver. A physically proximate attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code via specially crafted devices. Ben Hawkes reported some off by one errors for report descriptors in the Linux kernel's HID stack. A physically proximate attacker could exploit these flaws to cause a denial of service (out-of-bounds write) via a specially crafted device. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel

systems | linux, ubuntu

advisories | CVE-2014-3181, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186, CVE-2014-3631, CVE-2014-6410, CVE-2014-6416, CVE-2014-6417, CVE-2014-6418

SHA-256 | 216aab1ac8b1c5f5fa320e1812013bd6082c5c0d0b1cd7b24acb25ab21d04946

Download | Favorite | View

Ubuntu Security Notice USN-2378-1

Posted Oct 9, 2014

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2378-1 - Steven Vittitoe reported multiple stack buffer overflows in Linux kernel's magicmouse HID driver. A physically proximate attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code via specially crafted devices. Ben Hawkes reported some off by one errors for report descriptors in the Linux kernel's HID stack. A physically proximate attacker could exploit these flaws to cause a denial of service (out-of-bounds write) via a specially crafted device. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel

systems | linux, ubuntu

advisories | CVE-2014-3181, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186, CVE-2014-3631, CVE-2014-6410, CVE-2014-6416, CVE-2014-6417, CVE-2014-6418

SHA-256 | aa7d6fa2cad88994360eaa91e59cb61f822dbcc59854491f5ca6070c59e4a697

Download | Favorite | View