CVE-2014-2706: Race Condition
First published: Wed Apr 02 2014(Updated: )
A Linux kernel built with a Generic IEEE 802.11 Networking Stack (CONFIG_MAC80211) is vulnerable to a crash caused by a race condition in frame transmission path and station wakeup event, in case when it's sleeping. The crash occurs because, mac80211 stack buffers frames when the station is sleeping, and the same are transmitted upon the station's(STA) wakeup. At this point, a buffered TX frame list is being emptied, while a new frame is being added to the RX list. A remote unprivileged user/program could use this flaw to crash the system kernel, resulting in DoS. Upstream fix: ------------- -> <a href="https://git.kernel.org/linus/1d147bfa64293b2723c4fec50922168658e613ba">https://git.kernel.org/linus/1d147bfa64293b2723c4fec50922168658e613ba</a> Reference: ---------- -> <a href="http://seclists.org/oss-sec/2014/q2/7">http://seclists.org/oss-sec/2014/q2/7</a>
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <3.2.56 | |
| Linux Linux kernel | >=3.3<3.4.84 | |
| Linux Linux kernel | >=3.5<3.10.34 | |
| Linux Linux kernel | >=3.11<3.12.15 | |
| Linux Linux kernel | >=3.13<3.13.7 | |
| Oracle Linux | =6 | |
| Oracle Linux | =7 | |
| Suse Linux Enterprise High Availability Extension | =11-sp3 | |
| SUSE SUSE Linux Enterprise Desktop | =11-sp3 | |
| SUSE SUSE Linux Enterprise Server | =11-sp3 | |
| Suse Suse Linux Enterprise Server Vmware | =11-sp3 | |
| Google Android | ||
| debian/linux | 5.10.223-1 5.10.226-1 6.1.106-3 6.1.112-1 6.11.4-1 6.11.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2014/04/01/8
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1d147bfa64293b2723c4fec50922168658e613ba
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7
- https://bugzilla.kernel.org/show_bug.cgi?id=70551#c18
- https://bugzilla.redhat.com/show_bug.cgi?id=1083512
- https://github.com/torvalds/linux/commit/1d147bfa64293b2723c4fec50922168658e613ba
- http://www.securityfocus.com/bid/66591
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
- http://linux.oracle.com/errata/ELSA-2014-3052.html
- http://secunia.com/advisories/60613
- https://source.android.com/security/bulletin/2017-04-01
- http://www.securitytracker.com/id/1038201
- https://launchpad.net/bugs/cve/CVE-2014-2706
- https://git.kernel.org/linus/1d147bfa64293b2723c4fec50922168658e613ba
- http://seclists.org/oss-sec/2014/q2/7
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1083538
- https://rhn.redhat.com/errata/RHSA-2014-0557.html
- https://rhn.redhat.com/errata/RHSA-2014-0981.html
- https://rhn.redhat.com/errata/RHSA-2014-1023.html
- https://rhn.redhat.com/errata/RHSA-2014-1101.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1d147bfa64293b2723c4fec50922168658e613ba
- https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=1d147bfa64293b2723c4fec50922168658e613ba
- https://source.android.com/docs/security/bulletin/2017-04-01 (Advisory)
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1d147bfa64293b2723c4fec50922168658e613ba
- https://security-tracker.debian.org/tracker/CVE-2014-2706
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706
- https://nvd.nist.gov/vuln/detail/CVE-2014-2706
- https://ubuntu.com/security/CVE-2014-2706
- agent/type
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-2706
- agent/author
- agent/first-publish-date
- agent/severity
- agent/weakness
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- collector/android-source
- source/Android
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/3.3
- version/linux linux kernel/3.5
- version/linux linux kernel/3.11
- version/linux linux kernel/3.13
- vendor/oracle
- canonical/oracle linux
- version/oracle linux/6
- version/oracle linux/7
- vendor/suse
- canonical/suse linux enterprise high availability extension
- version/suse linux enterprise high availability extension/11-sp3
- canonical/suse suse linux enterprise desktop
- version/suse suse linux enterprise desktop/11-sp3
- canonical/suse suse linux enterprise server
- version/suse suse linux enterprise server/11-sp3
- canonical/suse suse linux enterprise server vmware
- version/suse suse linux enterprise server vmware/11-sp3
- vendor/google
- canonical/google android
- package-manager/debian