{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-03-26T00:00:00", "descriptions": [{"lang": "en", "value": "The cma_req_handler function in drivers/infiniband/core/cma.c in the Linux kernel 3.14.x through 3.14.1 attempts to resolve an RDMA over Converged Ethernet (aka RoCE) address that is properly resolved within a different module, which allows remote attackers to cause a denial of service (incorrect pointer dereference and system crash) via crafted network traffic."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-04-17T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20140410 Re: CVE request Linux kernel: IB/core: crash while resolving passive side RoCE L2 address in cma_req_handler", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/04/10/9"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/b2853fd6c2d0f383dbdf7427e263eb576a633867"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b2853fd6c2d0f383dbdf7427e263eb576a633867"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1085415"}, {"name": "66716", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/66716"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:21:36.133Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20140410 Re: CVE request Linux kernel: IB/core: crash while resolving passive side RoCE L2 address in cma_req_handler", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/04/10/9"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/b2853fd6c2d0f383dbdf7427e263eb576a633867"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b2853fd6c2d0f383dbdf7427e263eb576a633867"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1085415"}, {"name": "66716", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/66716"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-2739", "datePublished": "2014-04-14T23:00:00", "dateReserved": "2014-04-08T00:00:00", "dateUpdated": "2024-08-06T10:21:36.133Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1817B5C-356A-44FD-A645-AF224A59F6ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc2:*:*:*:*:*:*", "matchCriteriaId": "3B528018-4A7E-4E59-A7CA-91D2A9536831", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc3:*:*:*:*:*:*", "matchCriteriaId": "1795E18E-AE30-4230-809F-E40317FB96BD", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc4:*:*:*:*:*:*", "matchCriteriaId": "0F91AF02-7C23-4888-A580-07C166BE8128", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc5:*:*:*:*:*:*", "matchCriteriaId": "61A7DB5C-EB54-4D4A-AB38-8060F13C8779", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc6:*:*:*:*:*:*", "matchCriteriaId": "4FF2C86B-7087-4EFC-A256-3AF313C25325", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc7:*:*:*:*:*:*", "matchCriteriaId": "14AC6A73-D01C-44F4-9821-BAE9600E72D5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc8:*:*:*:*:*:*", "matchCriteriaId": "055557BE-1FE9-45F5-8A95-F8D3C9B031E4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "742641DA-1CAE-4156-95F3-367793713696", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The cma_req_handler function in drivers/infiniband/core/cma.c in the Linux kernel 3.14.x through 3.14.1 attempts to resolve an RDMA over Converged Ethernet (aka RoCE) address that is properly resolved within a different module, which allows remote attackers to cause a denial of service (incorrect pointer dereference and system crash) via crafted network traffic."}, {"lang": "es", "value": "La funci\u00f3n cma_req_handler en drivers/infiniband/core/cma.c en el kernel de Linux 3.14.x hasta 3.14.1 intenta resolver un RDMA sobre una direcci\u00f3n Converged Ethernet (tambi\u00e9n conocido como RoCE) que se resuelve debidamente dentro de un m\u00f3dulo diferente, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (referencia a puntero incorrecto y ca\u00edda de sistema) a trav\u00e9s de trafico de red manipulado."}], "id": "CVE-2014-2739", "lastModified": "2023-02-13T00:38:40.473", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.2, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-04-14T23:55:07.747", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b2853fd6c2d0f383dbdf7427e263eb576a633867"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2014/04/10/9"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/66716"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1085415"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://github.com/torvalds/linux/commit/b2853fd6c2d0f383dbdf7427e263eb576a633867"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "Kernel: IB/core: crash while resolving passive side RoCE L2 address in cma req handler", "id": "1085415", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1085415"}, "csaw": false, "cvss": {"cvss_base_score": "4.6", "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:N/I:N/A:C", "status": "draft"}, "details": ["The cma_req_handler function in drivers/infiniband/core/cma.c in the Linux kernel 3.14.x through 3.14.1 attempts to resolve an RDMA over Converged Ethernet (aka RoCE) address that is properly resolved within a different module, which allows remote attackers to cause a denial of service (incorrect pointer dereference and system crash) via crafted network traffic."], "name": "CVE-2014-2739", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2014-03-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-2739\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2739"], "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.", "threat_severity": "Moderate"}