CVE-2014-0100
Linux Kernel 3.9-3.10.37 - Use-After-Free via Fragmented ICMP Echo Request Packets
Title source: llmDescription
Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system with a heavy CPU load.
References (3)
Core 3
Core References
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/03/04/4
Patch, Third Party Advisory x_refsource_misc
http://patchwork.ozlabs.org/patch/325844/
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1070618
Scores
EPSS
0.0296
EPSS Percentile
85.5%
Details
CWE
CWE-362
CWE-416
Status
published
Products (1)
linux/linux_kernel
3.9 - 3.10.37
Published
Mar 11, 2014
Tracked Since
Feb 18, 2026