CVE-2014-3180

Published: Nov 6, 2019Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable

Affected (2)

Products: Linux: Linux Kernel · Google: Chrome Os

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 3.17

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome Os	All versions

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (4)

https://bugs.chromium.org/p/chromium/issues/detail?id=408827

Source: chrome-cve-admin@google.com

https://lkml.org/lkml/2014/9/7/29

Source: chrome-cve-admin@google.com

https://bugs.chromium.org/p/chromium/issues/detail?id=408827

Source: af854a3a-2127-422b-91ae-364da2661108

https://lkml.org/lkml/2014/9/7/29

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.