CVE-2014-2851

Priority
Medium
Description
Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the
Linux kernel through 3.14.1 allows local users to cause a denial of service
(use-after-free and system crash) or possibly gain privileges via a crafted
application that leverages an improperly managed reference counter.
Ubuntu-Description
A flaw was discovered in the Linux kernel's ping sockets. An unprivileged
local user could exploit this flaw to cause a denial of service (system
crash) or possibly gain privileges via a crafted application.
References
Bugs
Notes
 jdstrand> android kernels (goldfish, grouper, maguro, mako and manta) are not
  supported on the Ubuntu Touch 13.10 preview kernels
 tyhicks> android init writes a valid group range to
  /proc/sys/net/ipv4/ping_group_range which results in all unprivileged users
  being allowed to open restricted ICMP sockets and trigger this bug
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):released (3.13.0-27.50~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
linux-vegetahd:not-affected (1.0)
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):released (3.5.0-51.76~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Patches:
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):released (3.2.0-63.95)
Ubuntu 14.04 LTS (Trusty Tahr):released (3.13.0-27.50)
Ubuntu 15.04 (Vivid Vervet):not-affected (3.16.0-23.31)
Ubuntu 15.10 (Wily Werewolf):not-affected (3.19.0-15.15)
Patches:
Introduced by c319b4d76b9e583a5d88d6bf190e079c4e43213dFixed by b04c46190219a4f845e46a459e3102137b7f6cac
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):released (3.2.0-1446.65)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):released (3.8.0-41.60~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):released (3.2.0-1633.47)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):ignored (abandoned)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):released (3.11.0-22.38~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (was needed now end-of-life)
Ubuntu 15.04 (Vivid Vervet):released (3.4.0-7.32~15.04.1)
Ubuntu 15.10 (Wily Werewolf):pending (3.4.0-7.31)
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):ignored (abandoned)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):ignored (abandoned)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.19.0-18.18~14.04.1)
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (was needed now end-of-life)
Ubuntu 15.04 (Vivid Vervet):released (3.4.0-6.37~15.04.1)
Ubuntu 15.10 (Wily Werewolf):pending (3.4.0-6.36)
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):ignored (abandoned)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.16.0-25.33~14.04.2)
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (was needed now end-of-life)
Ubuntu 15.04 (Vivid Vervet):needed
Ubuntu 15.10 (Wily Werewolf):needed
Package
linux-krillin:not-affected (1.0)
Package
Upstream:released (3.15~rc2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (was needed now end-of-life)
Ubuntu 15.04 (Vivid Vervet):released (3.4.0-4.18~15.04.1)
Ubuntu 15.10 (Wily Werewolf):pending (3.4.0-4.17)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-09-05 02:14:16 UTC (commit 9923)