CVE-2014-0038

EPSS 34.6%

The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.

Affected products

n/a · n/a

public PoCs found — 9

githubgithub.com/saelo/cve-2014-0038★ 199 githubgithub.com/kiruthikan99/IT19115276★ 0 cve_referencewww.exploit-db.com/exploits/31346unverified cve_referencewww.exploit-db.com/exploits/31347unverified cve_referencewww.exploit-db.com/exploits/40503/unverified exploitdbwww.exploit-db.com/exploits/31305unverified exploitdbwww.exploit-db.com/exploits/40503unverified exploitdbwww.exploit-db.com/exploits/31346unverified exploitdbwww.exploit-db.com/exploits/31347unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2def2ef2ae5f3990aabdbe8a755911902707d268 http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html http://pastebin.com/raw.php?i=DH3Lbg54 https://bugzilla.redhat.com/show_bug.cgi?id=1060023 https://code.google.com/p/chromium/issues/detail?id=338594 http://secunia.com/advisories/56669 https://github.com/saelo/cve-2014-0038 https://github.com/torvalds/linux/commit/2def2ef2ae5f3990aabdbe8a755911902707d268 https://www.exploit-db.com/exploits/40503/http://www.exploit-db.com/exploits/31346 http://www.exploit-db.com/exploits/31347