Linux Kernel IPv6 Networking Subsystem null pointer dereference
![Linux](/logos/linux.jpg)
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
4.8 | $0-$5k | 0.00 |
A vulnerability was found in Linux Kernel (Operating System) (the affected version is unknown). It has been rated as problematic. This issue affects an unknown code of the component IPv6 Networking Subsystem. The manipulation with an unknown input leads to a null pointer dereference vulnerability. Using CWE to declare the problem leads to CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. Impacted is availability.
The weakness was presented 11/02/2014 by Ben Hutchings as confirmed mailinglist post (oss-sec). The advisory is shared at seclists.org. The identification of this vulnerability is CVE-2014-7207 since 09/27/2014. The exploitation is known to be easy. An attack has to be approached locally. A simple authentication is needed for exploitation. Neither technical details nor an exploit are publicly available. The advisory points out:
A local user with access to tun or macvtap devices, or a virtual machine connected to such a device, can cause a denial of service (system crash).
The vulnerability scanner Nessus provides a plugin with the ID 78784 (Debian DSA-3060-1 : linux - security update), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Debian Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 195679 (Ubuntu Security Notification for Linux Vulnerabilities (USN-2417-1)).
Upgrading eliminates this vulnerability. The mailinglist post contains the following remark:
This update includes a bug fix related to CVE-2014-7207 that disables UFO (UDP Fragmentation Offload) in the macvtap, tun, and virtio_net drivers.
The vulnerability is also documented in the databases at X-Force (98434), Tenable (78784), SecurityFocus (BID 70867†) and Vulnerability Center (SBV-47916†). bugs.debian.org is providing further details. See VDB-68092 for similar entry.
Product
Type
Vendor
Name
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.5VulDB Meta Temp Score: 4.8
VulDB Base Score: 5.5
VulDB Temp Score: 4.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Null pointer dereferenceCWE: CWE-476 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Local: Yes
Remote: No
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Nessus ID: 78784
Nessus Name: Debian DSA-3060-1 : linux - security update
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 703060
OpenVAS Name: Debian Security Advisory DSA 3060-1 (linux - security update)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
09/27/2014 🔍10/31/2014 🔍
10/31/2014 🔍
11/02/2014 🔍
11/04/2014 🔍
11/10/2014 🔍
01/05/2015 🔍
02/24/2022 🔍
Sources
Vendor: kernel.orgAdvisory: USN-2417-1
Researcher: Ben Hutchings
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-7207 (🔍)
OVAL: 🔍
X-Force: 98434 - Linux Kernel IPv6 networking subsystem denial of service, Medium Risk
SecurityFocus: 70867 - Linux Kernel CVE-2014-7207 Local Denial of Service Vulnerability
Vulnerability Center: 47916 - Linux kernel 3.2.0 - 3.2.63 IPv6 Implementation Local DoS Vulnerability, Medium
Misc.: 🔍
See also: 🔍
Entry
Created: 11/04/2014 08:27Updated: 02/24/2022 00:49
Changes: 11/04/2014 08:27 (77), 06/17/2017 07:31 (2), 02/24/2022 00:34 (4), 02/24/2022 00:49 (1)
Complete: 🔍
Cache ID: 3:74E:103
No comments yet. Languages: en.
Please log in to comment.