What is CVE-2014-8160?

CVE-2014-8160 is a vulnerability in Linux Linux_kernel, classified under Improper Input Validation. Published 2015-03-02.

Is CVE-2014-8160 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Linux Linux_kernel

CVE-2014-8160

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers t…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.024 (85.5th percentile) — read the EPSS interpretation.

Affected products

Linux Linux_kernel
Canonical Ubuntu_linux — versions 12.04, 14.04, 14.10
Debian Debian_linux — versions 7.0, 8.0
Opensuse — versions 13.1
Redhat Enterprise_linux_desktop — versions 6.0, 7.0
Redhat Enterprise_linux_server — versions 6.0, 7.0
Redhat Enterprise_linux_server_aus — versions 6.5, 6.6, 7.3
Redhat Enterprise_linux_server_eus — versions 6.5, 6.6, 7.3
Redhat Enterprise_linux_server_tus — versions 6.5, 6.6, 7.6
Redhat Enterprise_linux_workstation — versions 6.0, 7.0

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

USN-2515-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
DSA-3170 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory)
SUSE-SU-2015:0736 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
72061 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
SUSE-SU-2015:0652 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
USN-2514-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
USN-2518-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
MDVSA-2015:057 (vendor-advisory, Third Party Advisory, x_refsource_MANDRIVA)
RHSA-2015:0290 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)

Frequently asked questions

What is CVE-2014-8160?: CVE-2014-8160 is a vulnerability in Linux Linux_kernel, classified under Improper Input Validation. Published 2015-03-02.
Is CVE-2014-8160 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.