CVE-2014-3145

Linux Kernel < 3.14.3 - Denial of Service via BPF Extension Out-of-bounds Read


Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-3145. PoCs published by codecat007.

AI-analyzed exploit summary: This PoC exploits CVE-2014-3145, a vulnerability in the Linux kernel's netlink subsystem that allows local privilege escalation via crafted BPF filters. The code demonstrates the flaw by manipulating socket filters to trigger improper handling of nested netlink attributes.

Description

The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced.

Exploits (1)

github WORKING POC 8 stars
by codecat007 · cpoc
https://github.com/codecat007/cvehub/tree/main/android/securityPatch/CVE-2014-3145

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Linux kernel (versions affected by CVE-2014-3145)
No auth needed
Prerequisites: Local access to the target system
devstral-2 · analyzed Feb 27, 2026

References (19)

Core References
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/05/09/6
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2263-1
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2949
Patch, Third Party Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2017-04-01
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2261-1
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2252-1
Third Party Advisory x_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-3052.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/58990
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60613
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2264-1
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2262-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67321
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2259-1
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2251-1
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59311
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59597
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038201

Scores

EPSS 0.0006
EPSS Percentile 18.4%

Details

CWE: CWE-125
Status: published
Products (7)
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 13.10
debian/debian_linux 7.0
linux/linux_kernel < 3.14.3
oracle/linux 6
oracle/linux 7
Published May 11, 2014
Tracked Since Feb 18, 2026