What is CVE-2014-0038?

CVE-2014-0038 is a vulnerability in Linux Linux_kernel, classified under Improper Input Validation. Published 2014-02-06.

Is CVE-2014-0038 known to be exploited?

81 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Linux Linux_kernel

CVE-2014-0038

The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.515 (97.9th percentile) — read the EPSS interpretation.

Affected products

Linux Linux_kernel
Opensuse — versions 12.3
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_CONFIRM, VDB Entry, Third Party Advisory)
USN-2096-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
secalert@redhat.com (Third Party Advisory, x_refsource_MISC)
USN-2095-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
secalert@redhat.com (Exploit, x_refsource_MISC)
secalert@redhat.com (Third Party Advisory, x_refsource_MISC)
USN-2094-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
MDVSA-2014:038 (vendor-advisory, Third Party Advisory, x_refsource_MANDRIVA)
56669 (x_refsource_SECUNIA, Not Applicable, third-party-advisory)
65255 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2014-0038?: CVE-2014-0038 is a vulnerability in Linux Linux_kernel, classified under Improper Input Validation. Published 2014-02-06.
Is CVE-2014-0038 known to be exploited?: 81 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.