Vulnerability Name: CVE-2014-3880 (CCN-93747)
Assigned: 2014-06-03
Published: 2014-06-03
Updated: 2014-06-21
Summary: The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroy the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference.
CVSS v3 Severity: 6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v2 Severity: 4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-20
Vulnerability Consequences: Denial of Service
References:
Source: MITRE Type: CNA CVE-2014-3880
Source: SECUNIA Type: UNKNOWN 59034
Source: DEBIAN Type: UNKNOWN DSA-2952
Source: CCN Type: FreeBSD-EN-14:06.exec triple-fault when executing from a threaded process
Source: CONFIRM Type: Vendor Advisory http://www.freebsd.org/security/advisories/FreeBSD-EN-14%3A06.exec.asc
Source: CCN Type: BID-67951 FreeBSD CVE-2014-3880 Local Denial of Service Vulnerability
Source: XF Type: UNKNOWN freebsd-cve20143880-dos(93747)
Source: CCN Type: WhiteSource Vulnerability Database CVE-2014-3880
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable