#VU42054 Input validation error in Linux kernel


Published: 2020-08-11 | Updated: 2020-08-21

Vulnerability identifier: #VU42054

Vulnerability risk: High

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2014-0038

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 3.0 - 3.0.68, 3.1 - 3.1.10, 3.2 - 3.2.30, 3.3 - 3.3.8, 3.4 - 3.4.32, 3.5.1 - 3.5.7, 3.6 - 3.6.11, 3.7 - 3.7.10, 3.8.0 - 3.8.13, 3.9 - 3.9.11, 3.10 - 3.10.29, 3.11 - 3.11.10, 3.12 - 3.12.10, 3.13

External links
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2def2ef2ae5f3990aabdbe8a755911902707d268
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html
http://pastebin.com/raw.php?i=DH3Lbg54
http://secunia.com/advisories/56669
http://www.exploit-db.com/exploits/31346
http://www.exploit-db.com/exploits/31347
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.2
http://www.mandriva.com/security/advisories?name=MDVSA-2014:038
http://www.openwall.com/lists/oss-security/2014/01/31/2
http://www.securityfocus.com/bid/65255
http://www.ubuntu.com/usn/USN-2094-1
http://www.ubuntu.com/usn/USN-2095-1
http://www.ubuntu.com/usn/USN-2096-1
http://bugzilla.redhat.com/show_bug.cgi?id=1060023
http://code.google.com/p/chromium/issues/detail?id=338594
http://github.com/saelo/cve-2014-0038
http://github.com/torvalds/linux/commit/2def2ef2ae5f3990aabdbe8a755911902707d268
http://www.exploit-db.com/exploits/40503/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.


Latest bulletins with this vulnerability


SUSE Linux update for the Linux Kernel
SUSE Linux update for the Linux Kernel
Input validation error in Linux kernel