CVE-2014-0203

MEDIUM

Linux Kernel < 2.6.33 - Use-After-Free in __do_follow_link

Title source: llm
STIX 2.1

Description

The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call.

References (11)

Core 11
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1094363
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59262
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/68125
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59309
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59406
Third Party Advisory x_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-0771.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59560
Third Party Advisory x_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-3043.html

Scores

CVSS v3 5.5
EPSS 0.0054
EPSS Percentile 41.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-416
Status published
Products (3)
linux/linux_kernel < 2.6.33
oracle/linux 5
oracle/linux 6
Published Jun 23, 2014
Tracked Since Feb 18, 2026