Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2014-7284 |
CWE-ID | CWE-200 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Linux kernel (Operating systems & Components / Operating system) |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU41225
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-7284
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.
The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by leveraging the predictability of TCP sequence numbers, TCP and UDP port numbers, and IP ID values.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Linux kernel 3.13.1 - 3.14.4
CPE2.3:
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3d4405226d27b3a215e4d03cfa51f536244e5de7
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5
https://www.openwall.com/lists/oss-security/2014/10/01/19
https://bugzilla.redhat.com/show_bug.cgi?id=1148788
https://github.com/torvalds/linux/commit/3d4405226d27b3a215e4d03cfa51f536244e5de7
https://web.archive.org/web/20141002163852/
https://secondlookforensics.com/ngro-linux-kernel-bug/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.