Vulnerability in Linux Linux_kernel

CVE-2014-3940

The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by…

Vulnerability class: Race Condition

EPSS: 0.000 (13.0th percentile) — read the EPSS interpretation.

Affected products

Linux Linux_kernel — versions 3.14, 3.14.1, 3.14.2
Redhat Enterprise_linux — versions 6.0
Redhat Enterprise_mrg — versions 2.0
N/a — versions n/a

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

References

cve@mitre.org (x_refsource_CONFIRM)
59011 (x_refsource_SECUNIA, third-party-advisory)
[linux-kernel] 20140318 [PATCH RESEND -mm 1/2] mm: add !pte_present() check on existing hugetlb_entry callbacks (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_CONFIRM)
RHSA-2015:0290 (x_refsource_REDHAT, vendor-advisory)
[oss-security] 20140602 CVE-2014-3940 - Linux kernel - missing check during hugepage migration (mailing-list, x_refsource_MLIST)
67786 (vdb-entry, x_refsource_BID)
61310 (x_refsource_SECUNIA, third-party-advisory)
RHSA-2015:1272 (x_refsource_REDHAT, vendor-advisory)