CVE-2014-3940

Published: Jun 5, 2014Modified: May 6, 2026

4.0

Vector

AV:L/AC:H/Au:N/C:N/I:N/A:C

Exploitability: 1.9 / Impact: 6.9

Source: NVD

Description

The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c.

Affected (16)

Products: Redhat: Enterprise Linux, Enterprise Mrg · Linux: Linux Kernel

2 products

Enterprise Linux

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Mrg	Version 2.0

Configuration B

14 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 3.14.5
Linux Linux Kernel	Version 3.14.1
Linux Linux Kernel	Version 3.14.2
Linux Linux Kernel	Version 3.14.3
Linux Linux Kernel	Version 3.14.4
Linux Linux Kernel	Version 3.14
Linux Linux Kernel	Version 3.14 rc1
Linux Linux Kernel	Version 3.14 rc2
Linux Linux Kernel	Version 3.14 rc3
Linux Linux Kernel	Version 3.14 rc4
Linux Linux Kernel	Version 3.14 rc5
Linux Linux Kernel	Version 3.14 rc6
Linux Linux Kernel	Version 3.14 rc7
Linux Linux Kernel	Version 3.14 rc8

Related CWEs

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (18)

http://rhn.redhat.com/errata/RHSA-2015-0290.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2015-1272.html

Source: cve@mitre.org

http://secunia.com/advisories/59011

Source: cve@mitre.org

http://secunia.com/advisories/61310

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2014/06/02/5

Source: cve@mitre.org

http://www.securityfocus.com/bid/67786

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=1104097

Source: cve@mitre.org

https://lkml.org/lkml/2014/3/18/784

Source: cve@mitre.org

https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2015-0290.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-1272.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/59011

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/61310

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2014/06/02/5

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/67786

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1104097

Source: af854a3a-2127-422b-91ae-364da2661108

https://lkml.org/lkml/2014/3/18/784

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.