What is the severity of USN-2466-1?

USN-2466-1 is classified as a denial of service vulnerability that could lead to system crashes.

How do I fix USN-2466-1?

To fix USN-2466-1, upgrade to linux-image-3.13.0-44.73 or a later version.

Is my system affected by USN-2466-1?

USN-2466-1 affects Ubuntu version 14.04 with specific linux-image packages.

What vulnerability does USN-2466-1 relate to?

USN-2466-1 is related to CVE-2014-7841, which involves a null pointer dereference in the SCTP implementation.

Can USN-2466-1 be exploited remotely?

Yes, a remote attacker can exploit USN-2466-1 by sending a malformed INIT chunk to cause a denial of service.

Vulnerability/
USN-2466-1

CWE

119 476 362

13/1/2015

USN-2466-1: Linux kernel vulnerabilities

First published: Tue Jan 13 2015(Updated: )

A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841) A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. (CVE-2014-7842) Miloš Prchlík reported a flaw in how the ARM64 platform handles a single byte overflow in __clear_user. A local user could exploit this flaw to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary. (CVE-2014-7843) A stack buffer overflow was discovered in the ioctl command handling for the Technotrend/Hauppauge USB DEC devices driver. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges. (CVE-2014-8884)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-3.13.0-44-generic	<3.13.0-44.73	3.13.0-44.73
Ubuntu 22.04 LTS	=14.04
All of
ubuntu/linux-image-3.13.0-44-generic-lpae	<3.13.0-44.73	3.13.0-44.73
Ubuntu 22.04 LTS	=14.04
All of
ubuntu/linux-image-3.13.0-44-lowlatency	<3.13.0-44.73	3.13.0-44.73
Ubuntu 22.04 LTS	=14.04
All of
ubuntu/linux-image-3.13.0-44-powerpc-e500	<3.13.0-44.73	3.13.0-44.73
Ubuntu 22.04 LTS	=14.04
All of
ubuntu/linux-image-3.13.0-44-powerpc-e500mc	<3.13.0-44.73	3.13.0-44.73
Ubuntu 22.04 LTS	=14.04
All of
ubuntu/linux-image-3.13.0-44-powerpc-smp	<3.13.0-44.73	3.13.0-44.73
Ubuntu 22.04 LTS	=14.04
All of
ubuntu/linux-image-3.13.0-44-powerpc64-emb	<3.13.0-44.73	3.13.0-44.73
Ubuntu 22.04 LTS	=14.04
All of
ubuntu/linux-image-3.13.0-44-powerpc64-smp	<3.13.0-44.73	3.13.0-44.73
Ubuntu 22.04 LTS	=14.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-2466-1?
USN-2466-1 is classified as a denial of service vulnerability that could lead to system crashes.
How do I fix USN-2466-1?
To fix USN-2466-1, upgrade to linux-image-3.13.0-44.73 or a later version.
Is my system affected by USN-2466-1?
USN-2466-1 affects Ubuntu version 14.04 with specific linux-image packages.
What vulnerability does USN-2466-1 relate to?
USN-2466-1 is related to CVE-2014-7841, which involves a null pointer dereference in the SCTP implementation.
Can USN-2466-1 be exploited remotely?
Yes, a remote attacker can exploit USN-2466-1 by sending a malformed INIT chunk to cause a denial of service.

agent/severity
agent/type
agent/first-publish-date
agent/last-modified-date
agent/title
agent/weakness
agent/references
agent/description
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu 22.04 lts
version/ubuntu 22.04 lts/14.04