Vulnerability-Lookup

CVE-2014-7843 (GCVE-0-2014-7843)

Vulnerability from cvelistv5 – Published: 2014-11-30 01:00 – Updated: 2024-08-06 13:03

Summary

The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

GSD-2014-7843

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-7843

Aliases

CVE-2014-7843

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-7843",
    "description": "The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary.",
    "id": "GSD-2014-7843",
    "references": [
      "https://www.suse.com/security/cve/CVE-2014-7843.html",
      "https://ubuntu.com/security/CVE-2014-7843"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-7843"
      ],
      "details": "The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary.",
      "id": "GSD-2014-7843",
      "modified": "2023-12-13T01:22:47.472634Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2014-7843",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4",
            "refsource": "MISC",
            "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4"
          },
          {
            "name": "http://secunia.com/advisories/62305",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/62305"
          },
          {
            "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97fc15436b36ee3956efad83e22a557991f7d19d",
            "refsource": "MISC",
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97fc15436b36ee3956efad83e22a557991f7d19d"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2014/11/13/5",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2014/11/13/5"
          },
          {
            "name": "http://www.securityfocus.com/bid/71082",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/71082"
          },
          {
            "name": "https://github.com/torvalds/linux/commit/97fc15436b36ee3956efad83e22a557991f7d19d",
            "refsource": "MISC",
            "url": "https://github.com/torvalds/linux/commit/97fc15436b36ee3956efad83e22a557991f7d19d"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1163744",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163744"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:arm64:*",
                "cpe_name": [],
                "versionEndIncluding": "3.17.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-7843"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-17"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/97fc15436b36ee3956efad83e22a557991f7d19d",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://github.com/torvalds/linux/commit/97fc15436b36ee3956efad83e22a557991f7d19d"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1163744",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163744"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4"
            },
            {
              "name": "[oss-security] 20141113 CVE-2014-7843 Linux kernel: aarch64: copying from /dev/zero causes local DoS",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2014/11/13/5"
            },
            {
              "name": "71082",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/71082"
            },
            {
              "name": "62305",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62305"
            },
            {
              "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97fc15436b36ee3956efad83e22a557991f7d19d",
              "refsource": "MISC",
              "tags": [],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97fc15436b36ee3956efad83e22a557991f7d19d"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T00:42Z",
      "publishedDate": "2014-11-30T01:59Z"
    }
  }
}

FKIE_CVE-2014-7843

Vulnerability from fkie_nvd - Published: 2014-11-30 01:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97fc15436b36ee3956efad83e22a557991f7d19d
secalert@redhat.com	http://secunia.com/advisories/62305
secalert@redhat.com	http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4	Vendor Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2014/11/13/5
secalert@redhat.com	http://www.securityfocus.com/bid/71082
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1163744	Patch, Vendor Advisory
secalert@redhat.com	https://github.com/torvalds/linux/commit/97fc15436b36ee3956efad83e22a557991f7d19d	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97fc15436b36ee3956efad83e22a557991f7d19d
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62305
af854a3a-2127-422b-91ae-364da2661108	http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2014/11/13/5
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/71082
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1163744	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/torvalds/linux/commit/97fc15436b36ee3956efad83e22a557991f7d19d	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:arm64:*",
              "matchCriteriaId": "AC6F3D3E-8FB9-41AD-901D-BC81B689ECDF",
              "versionEndIncluding": "3.17.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n __clear_user en arch/arm64/lib/clear_user.S en el kernel de Linux anterior a 3.17.4 en la plataforma ARM64 permite a usuarios locales causar una denegaci\u00f3n de servicio (ca\u00edda del sistema) mediante la lectura de un byte m\u00e1s all\u00e1 del l\u00edmite de p\u00e1gina /dev/zero."
    }
  ],
  "id": "CVE-2014-7843",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-30T01:59:05.570",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97fc15436b36ee3956efad83e22a557991f7d19d"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/62305"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2014/11/13/5"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/71082"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163744"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/97fc15436b36ee3956efad83e22a557991f7d19d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97fc15436b36ee3956efad83e22a557991f7d19d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/11/13/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/71082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/97fc15436b36ee3956efad83e22a557991f7d19d"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-17"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-8973-H52F-9CXP

Vulnerability from github – Published: 2022-05-17 04:17 – Updated: 2022-05-17 04:17

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-7843"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-11-30T01:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary.",
  "id": "GHSA-8973-h52f-9cxp",
  "modified": "2022-05-17T04:17:01Z",
  "published": "2022-05-17T04:17:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7843"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/97fc15436b36ee3956efad83e22a557991f7d19d"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163744"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97fc15436b36ee3956efad83e22a557991f7d19d"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=97fc15436b36ee3956efad83e22a557991f7d19d"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62305"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2014/11/13/5"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/71082"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2015-AVI-021

Vulnerability from certfr_avis - Published: 2015-01-14 - Updated: 2015-01-14

De multiples vulnérabilités ont été corrigées dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 12.04 LTS
Ubuntu	Ubuntu	Ubuntu 14.04 LTS
Ubuntu	Ubuntu	Ubuntu 10.04 LTS
Ubuntu	Ubuntu	Ubuntu 14.10

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-7843 (GCVE-0-2014-7843)

GSD-2014-7843

FKIE_CVE-2014-7843

GHSA-8973-H52F-9CXP

CERTFR-2015-AVI-021

Solution

Tags

Sightings

Nomenclature