CVE-2014-9914

Published: Feb 7, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets.

Affected (5)

Products: Linux: Linux Kernel · Google: Android

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 3.11 to 3.12.23
Linux Linux Kernel	From 3.13 to 3.14.9
Linux Linux Kernel	From 3.15 to 3.15.2
Linux Linux Kernel	From 3.7.8 to 3.10.45

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Google Android	Up to 7.1.1

Related CWEs

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (12)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9709674e68646cee5a24e3000b3558d25412203a

Source: security@android.com

Issue TrackingPatchThird Party Advisory

http://source.android.com/security/bulletin/2017-02-01.html

Source: security@android.com

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2

Source: security@android.com

Release NotesVendor Advisory

http://www.securityfocus.com/bid/96100

Source: security@android.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037798

Source: security@android.com

Third Party AdvisoryVDB Entry

https://github.com/torvalds/linux/commit/9709674e68646cee5a24e3000b3558d25412203a

Source: security@android.com

Issue TrackingPatchThird Party Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9709674e68646cee5a24e3000b3558d25412203a

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

http://source.android.com/security/bulletin/2017-02-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

http://www.securityfocus.com/bid/96100

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037798

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://github.com/torvalds/linux/commit/9709674e68646cee5a24e3000b3558d25412203a

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.