Vulnerability Name:

CVE-2014-3122 (CCN-92891)

Assigned:2013-03-19
Published:2013-03-19
Updated:2023-02-13
Summary:The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings.
CVSS v3 Severity:6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
4.9 Medium (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.7 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2014-3122

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2014-0557
Important: kernel-rt security update

Source: CCN
Type: RHSA-2014-1392
Important: kernel security, bug fix, and enhancement update

Source: CCN
Type: oss-security Mailing List, Wed 30 Apr 2014
CVE request Linux kernel: mm: try_to_unmap_cluster() should lock_page() before mlocking

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Patch, Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Patch, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: BID-67162
Linux Kernel 'mlock_vma_page()' Function Denial of Service Vulnerability

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
linux-kernel-cve20143122-dos(92891)

Source: CCN
Type: Linux Kernel GIT Repository
mm: try_to_unmap_cluster() should lock_page() before mlocking

Source: secalert@redhat.com
Type: Patch, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-3122

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*
  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*
  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:3.2.57:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20143122
    V
    CVE-2014-3122
    2022-05-20
    oval:org.opensuse.security:def:32240
    P
    Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP3) (Important)
    2021-12-14
    oval:org.opensuse.security:def:26181
    P
    Security update for mozilla-nss (Important)
    2021-12-06
    oval:org.opensuse.security:def:31716
    P
    Security update for mozilla-nss (Important)
    2021-12-06
    oval:org.opensuse.security:def:26139
    P
    Security update for libvirt (Moderate)
    2021-10-04
    oval:org.opensuse.security:def:33016
    P
    Security update for python-urllib3 (Moderate)
    2021-09-29
    oval:org.opensuse.security:def:31642
    P
    Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:36428
    P
    kernel-docs-3.0.101-63.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42571
    P
    kernel-default-3.0.101-63.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36164
    P
    kernel-default-3.0.101-63.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:31631
    P
    Security update for gstreamer-plugins-bad (Important)
    2021-06-07
    oval:org.opensuse.security:def:31630
    P
    Security update for polkit (Important)
    2021-06-03
    oval:org.opensuse.security:def:26055
    P
    Security update for hivex (Moderate)
    2021-05-26
    oval:org.opensuse.security:def:26053
    P
    Security update for libxml2 (Important)
    2021-05-19
    oval:org.opensuse.security:def:33905
    P
    Security update for the Linux Kernel (Important)
    2021-05-13
    oval:org.opensuse.security:def:32084
    P
    Security update for gdm (Important)
    2021-04-28
    oval:org.opensuse.security:def:33088
    P
    Security update for MozillaFirefox (Important)
    2021-03-01
    oval:org.opensuse.security:def:33073
    P
    Security update for wpa_supplicant (Important)
    2021-02-15
    oval:org.opensuse.security:def:25977
    P
    Security update for openssl-1_1 (Important)
    2020-12-10
    oval:org.opensuse.security:def:28683
    P
    Security update for flash-player (Critical)
    2020-12-01
    oval:org.opensuse.security:def:33161
    P
    libmspack0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25917
    P
    Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:29079
    P
    Security update for curl (Important)
    2020-12-01
    oval:org.opensuse.security:def:26343
    P
    Security update for MozillaThunderbird (Important)
    2020-12-01
    oval:org.opensuse.security:def:29853
    P
    Security update for Linux Kernel
    2020-12-01
    oval:org.opensuse.security:def:25978
    P
    Security update for tcpdump, libpcap (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27127
    P
    freetype2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26319
    P
    Security update for kde-cli-tools5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32406
    P
    Security update for wavpack (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32622
    P
    LibVNCServer on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26695
    P
    fetchmail on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28467
    P
    Security update for xorg-x11-libXpm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25725
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:28976
    P
    Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:33866
    P
    Security update for jasper (Important)
    2020-12-01
    oval:org.opensuse.security:def:29179
    P
    Security update for microcode_ctl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31940
    P
    Recommended update for glibc (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26445
    P
    Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:32345
    P
    Security update for spice (Important)
    2020-12-01
    oval:org.opensuse.security:def:32409
    P
    Security update for wget (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26607
    P
    libvorbis on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33127
    P
    kernel-default on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28388
    P
    Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:32860
    P
    findutils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27391
    P
    e2fsprogs-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25713
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:28740
    P
    Security update for libevent
    2020-12-01
    oval:org.opensuse.security:def:33184
    P
    libsss_idmap0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25998
    P
    Security update for libreoffice (Important)
    2020-12-01
    oval:org.opensuse.security:def:29118
    P
    Security update for java-1_7_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:26392
    P
    Security update for MozillaThunderbird (Important)
    2020-12-01
    oval:org.opensuse.security:def:25989
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:27162
    P
    kernel-default on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32397
    P
    Security update for unzip (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26403
    P
    Security update for ffmpeg (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32450
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:32716
    P
    libltdl7 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26709
    P
    gmime on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28598
    P
    Security update for ruby
    2020-12-01
    oval:org.opensuse.security:def:33122
    P
    kdebase4-runtime on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25789
    P
    Security update for flash-player (Critical)
    2020-12-01
    oval:org.opensuse.security:def:29030
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26290
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29817
    P
    Security update for jasper (Low)
    2020-12-01
    oval:org.opensuse.security:def:31997
    P
    Security update for java-1_7_1-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:26489
    P
    Security update for php7-imagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26262
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:32384
    P
    Security update for tiff (Low)
    2020-12-01
    oval:org.opensuse.security:def:32487
    P
    apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26656
    P
    zoo on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28399
    P
    Security update for sane-backends (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27426
    P
    kernel-docs on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25714
    P
    Security update for libpng16 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28824
    P
    Recommended update for python-setuptools (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33228
    P
    perl-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29135
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:31848
    P
    Security update for clamav (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26431
    P
    Security update for tor (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32296
    P
    Security update for procmail (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32398
    P
    Security update for unzip (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26554
    P
    ghostscript-fonts-other on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28387
    P
    Security update for rubygem-rack-1_4 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32773
    P
    postgresql on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26753
    P
    libmysqlclient15-32bit on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:27086
    P
    RHSA-2014:1392: kernel security, bug fix, and enhancement update (Important)
    2015-04-13
    oval:org.mitre.oval:def:27227
    P
    ELSA-2014-3083 -- Unbreakable Enterprise kernel Security update (important)
    2015-03-16
    oval:org.mitre.oval:def:26025
    P
    SUSE-SU-2014:0807-1 -- Security update for Linux Kernel
    2015-03-16
    oval:org.mitre.oval:def:27136
    P
    ELSA-2014-3082 -- Unbreakable Enterprise kernel security update (important)
    2014-12-15
    oval:org.mitre.oval:def:27024
    P
    ELSA-2014-1392 -- kernel security, bug fix, and enhancement update (important)
    2014-12-15
    oval:com.redhat.rhsa:def:20141392
    P
    RHSA-2014:1392: kernel security, bug fix, and enhancement update (Important)
    2014-10-14
    oval:org.mitre.oval:def:25325
    P
    SUSE-SU-2014:0912-1 -- Security update for Linux kernel
    2014-09-15
    oval:org.mitre.oval:def:26192
    P
    SUSE-SU-2014:0910-1 -- Security update for Linux kernel
    2014-09-15
    oval:org.mitre.oval:def:26250
    P
    SUSE-OU-2014:0907-1 -- Optional update for Linux kernel
    2014-09-15
    oval:org.mitre.oval:def:25414
    P
    SUSE-SU-2014:0911-1 -- Security update for Linux kernel
    2014-09-15
    oval:org.mitre.oval:def:25408
    P
    SUSE-SU-2014:0696-1 -- Security update for Linux kernel
    2014-09-08
    oval:org.mitre.oval:def:25161
    P
    USN-2260-1 -- linux-lts-trusty vulnerabilities
    2014-08-11
    oval:org.mitre.oval:def:24761
    P
    USN-2224-1 -- linux-lts-raring vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:24853
    P
    USN-2223-1 -- linux-lts-quantal vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:24568
    P
    USN-2234-1 -- linux-ec2 vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:24832
    P
    USN-2235-1 -- linux vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:24860
    P
    USN-2236-1 -- linux-ti-omap4 vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:24658
    P
    USN-2239-1 -- linux-lts-saucy vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:24844
    P
    USN-2241-1 -- linux vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:24753
    P
    USN-2240-1 -- linux vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:24852
    P
    USN-2233-1 -- linux vulnerabilities
    2014-07-21
    oval:com.ubuntu.xenial:def:201431220000000
    V
    CVE-2014-3122 on Ubuntu 16.04 LTS (xenial) - medium.
    2014-05-11
    oval:com.ubuntu.precise:def:20143122000
    V
    CVE-2014-3122 on Ubuntu 12.04 LTS (precise) - medium.
    2014-05-11
    oval:com.ubuntu.trusty:def:20143122000
    V
    CVE-2014-3122 on Ubuntu 14.04 LTS (trusty) - medium.
    2014-05-11
    oval:com.ubuntu.xenial:def:20143122000
    V
    CVE-2014-3122 on Ubuntu 16.04 LTS (xenial) - medium.
    2014-05-11
    BACK
    linux linux kernel 3.2.57
    redhat enterprise linux 6
    redhat enterprise linux 6
    redhat enterprise linux desktop 6
    redhat enterprise linux hpc node 6