CVE-2014-2851

Priority
Medium
Description
Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the
Linux kernel through 3.14.1 allows local users to cause a denial of service
(use-after-free and system crash) or possibly gain privileges via a crafted
application that leverages an improperly managed reference counter.
Ubuntu-Description
A flaw was discovered in the Linux kernel's ping sockets. An unprivileged
local user could exploit this flaw to cause a denial of service (system
crash) or possibly gain privileges via a crafted application.
References
Bugs
Notes
jdstrand> android kernels (goldfish, grouper, maguro, mako and manta) are not
supported on the Ubuntu Touch 13.10 preview kernels
tyhicks> android init writes a valid group range to
/proc/sys/net/ipv4/ping_group_range which results in all unprivileged users
being allowed to open restricted ICMP sockets and trigger this bug
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):released (3.13.0-27.50~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):released (3.5.0-51.76~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Patches:
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):released (3.2.0-63.95)
Ubuntu 14.04 LTS (Trusty Tahr):released (3.13.0-27.50)
Ubuntu 14.10 (Utopic Unicorn):not-affected (3.15.0-1.5)
Ubuntu 15.04 (Vivid Vervet):not-affected (3.16.0-23.31)
Ubuntu 15.10 (Wily Werewolf):not-affected (3.19.0-16.16)
Patches:
Introduced by c319b4d76b9e583a5d88d6bf190e079c4e43213dFixed by b04c46190219a4f845e46a459e3102137b7f6cac
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):released (3.2.0-1446.65)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):released (3.8.0-41.60~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):released (3.2.0-1633.47)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):ignored (abandoned)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):released (3.11.0-22.38~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (was needed now end-of-life)
Ubuntu 14.10 (Utopic Unicorn):needed
Ubuntu 15.04 (Vivid Vervet):pending (3.4.0-7.31)
Ubuntu 15.10 (Wily Werewolf):pending (3.4.0-7.31)
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 14.10 (Utopic Unicorn):needs-triage
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):ignored (abandoned)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):ignored (abandoned)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.19.0-18.18~14.04.1)
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (was needed now end-of-life)
Ubuntu 14.10 (Utopic Unicorn):needed
Ubuntu 15.04 (Vivid Vervet):pending (3.4.0-6.36)
Ubuntu 15.10 (Wily Werewolf):pending (3.4.0-6.36)
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):ignored (abandoned)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.16.0-25.33~14.04.2)
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (was needed now end-of-life)
Ubuntu 14.10 (Utopic Unicorn):needed
Ubuntu 15.04 (Vivid Vervet):needed
Ubuntu 15.10 (Wily Werewolf):needed
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (was needed now end-of-life)
Ubuntu 14.10 (Utopic Unicorn):needed
Ubuntu 15.04 (Vivid Vervet):pending (3.4.0-4.17)
Ubuntu 15.10 (Wily Werewolf):pending (3.4.0-4.17)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-05-21 19:14:48 UTC (commit 9495)