| Vulnerability Name: | CVE-2014-7145 (CCN-96025) | ||||||||||||||||||||||||
| Assigned: | 2014-08-17 | ||||||||||||||||||||||||
| Published: | 2014-08-17 | ||||||||||||||||||||||||
| Updated: | 2023-01-17 | ||||||||||||||||||||||||
| Summary: | The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals. | ||||||||||||||||||||||||
| CVSS v3 Severity: | 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
| ||||||||||||||||||||||||
| CVSS v2 Severity: | 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C) 5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
3.4 Low (REDHAT Temporal CVSS v2 Vector: AV:A/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||
| Vulnerability Type: | CWE-476 | ||||||||||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2014-7145 Source: cve@mitre.org Type: Patch, Issue Tracking cve@mitre.org Source: CCN Type: RHSA-2015-0102 Important: kernel security and bug fix update Source: cve@mitre.org Type: Third Party Advisory cve@mitre.org Source: CCN Type: oss-security Mailing List, Wed, 17 Sep 2014 12:02:03 +0200 CVE request: [CIFS] Possible null ptr deref in SMB2_tcon Source: CCN Type: oss-security Mailing List, Mon, 22 Sep 2014 02:19:40 -0400 (EDT) Re: CVE request: [CIFS] Possible null ptr deref in SMB2_tcon / Linux kernel Source: CCN Type: IBM Security Bulletin 1021943 PowerKVM Kernel Vulnerabilities - Multiple CVEs Source: cve@mitre.org Type: Release Notes, Vendor Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: CCN Type: BID-69867 Linux Kernel 'SMB2_tcon' NULL Pointer Dereference Denial of Service Vulnerability Source: cve@mitre.org Type: Third Party Advisory, VDB Entry cve@mitre.org Source: cve@mitre.org Type: Third Party Advisory cve@mitre.org Source: XF Type: UNKNOWN linux-kernel-smb2tcon-dos(96025) Source: CCN Type: Linux Kernel GIT Repository Possible null ptr deref in SMB2_tcon Source: cve@mitre.org Type: Patch, Issue Tracking cve@mitre.org | ||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration RedHat 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||