Main Vulnerability Database Vulnerabilities #VU41949

Cryptographic issues in Linux kernel - CVE-2014-0102

Published: March 11, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41949

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2014-0102

CWE-ID: CWE-310

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a remote #AU# to perform a denial of service (DoS) attack.

The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands.

How to mitigate CVE-2014-0102

Install update from vendor's website.

Sources

http://lkml.org/lkml/2014/2/27/507
http://www.kernelhub.org/?msg=425013&p=2
http://www.openwall.com/lists/oss-security/2014/03/04/21
https://bugzilla.redhat.com/show_bug.cgi?id=1072419

Cryptographic issues in Linux kernel - CVE-2014-0102

Detailed vulnerability description

How to mitigate CVE-2014-0102

Sources

Please verify you're human