CVE-2014-2568
Description
Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.
Risk Information
Base Score
6.2
MODERATE
Vector
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.19
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Linux hardware enablement kernel from Saucy (USN-2239-1) linux-image-3.11.0-23-generic_3.11.0-23.40~precise1_i386.deb | Linux |
| Linux hardware enablement kernel from Saucy (USN-2239-1) linux-image-3.11.0-23-generic_3.11.0-23.40~precise1_amd64.deb | Linux |
| Linux kernel (USN-2240-1) linux-image-3.13.0-29-generic_3.13.0-29.53_i386.deb | Linux |
| Linux kernel (USN-2240-1) linux-image-3.13.0-29-generic_3.13.0-29.53_amd64.deb | Linux |
| Linux kernel (USN-2240-1) linux-image-3.13.0-29-lowlatency_3.13.0-29.53_i386.deb | Linux |
| Linux kernel (USN-2240-1) linux-image-3.13.0-29-lowlatency_3.13.0-29.53_amd64.deb | Linux |
| Block storage devices (udeb) (USN-2260-1) linux-image-3.13.0-30-generic_3.13.0-30.55~precise1_i386.deb | Linux |
| Block storage devices (udeb) (USN-2260-1) linux-image-3.13.0-30-generic_3.13.0-30.55~precise1_amd64.deb | Linux |
| Use After Free Vulnerability (CVE-2014-2568) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234