CVE-2014-8173

Current Description

The pmd_none_or_trans_huge_or_clear_bad function in include/asm-generic/pgtable.h in the Linux kernel before 3.13 on NUMA systems does not properly determine whether a Page Middle Directory (PMD) entry is a transparent huge-table entry, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted MADV_WILLNEED madvise system call that leverages the absence of a page-table lock.

Evaluator Description

CWE-476: NULL Pointer Dereference

Basic Data

PublishedMarch 16, 2015
Last ModifiedJanuary 03, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.2
SeverityHIGH
Exploitability Score3.9
Impact Score10.0
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSLinuxLinux Kernel******numa_systems*3.12.9

Vulnerable Software List

VendorProductVersions
Linux Linux Kernel *

References

NameSourceURLTags
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ee53664bda169f519ce3c6a22d378f0b946c8178http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ee53664bda169f519ce3c6a2CONFIRM
openSUSE-SU-2015:0714http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.htmlSUSE
RHSA-2015:0290http://rhn.redhat.com/errata/RHSA-2015-0290.htmlREDHAT
RHSA-2015:0694http://rhn.redhat.com/errata/RHSA-2015-0694.htmlREDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=1198457https://bugzilla.redhat.com/show_bug.cgi?id=1198457CONFIRM
https://github.com/torvalds/linux/commit/ee53664bda169f519ce3c6a22d378f0b946c8178https://github.com/torvalds/linux/commit/ee53664bda169f519ce3c6a22d378f0b946c8178CONFIRM