CVE-2014-2706
Summary
| CVE | CVE-2014-2706 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-04-14 23:55:00 UTC |
| Updated | 2023-11-07 02:19:00 UTC |
| Description | Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. |
Risk And Classification
Problem Types: CWE-362
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Oracle | Linux | 6 | - | All | All |
| Operating System | Oracle | Linux | 7 | - | All | All |
| Operating System | Oracle | Linux | 6 | - | All | All |
| Operating System | Oracle | Linux | 7 | - | All | All |
| Operating System | Suse | Linux Enterprise High Availability Extension | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise High Availability Extension | 11 | sp3 | All | All |
| Operating System | Suse | Suse Linux Enterprise Desktop | 11 | sp3 | All | All |
| Operating System | Suse | Suse Linux Enterprise Desktop | 11 | sp3 | All | All |
| Operating System | Suse | Suse Linux Enterprise Server | 11 | sp3 | All | All |
| Operating System | Suse | Suse Linux Enterprise Server | 11 | sp3 | All | All |
| Operating System | Suse | Suse Linux Enterprise Server | 11 | sp3 | All | All |
| Operating System | Suse | Suse Linux Enterprise Server | 11 | sp3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Bug 70551 – kernel crash on ath9k under heavy load | CONFIRM | bugzilla.kernel.org | Issue Tracking, Third Party Advisory |
| [security-announce] SUSE-SU-2014:1319-1: important: Security update for | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| mac80211: fix AP powersave TX vs. wakeup race · torvalds/linux@1d147bf · GitHub | CONFIRM | github.com | Exploit, Patch, Third Party Advisory |
| Android Security Bulletin—April 2017 | Android Open Source Project | CONFIRM | source.android.com | Patch, Third Party Advisory |
| kernel/git/torvalds/linux.git - Linux kernel source tree | git.kernel.org | ||
| Google Android Multiple Flaws Let Users Deny Service, Obtain Potentially Sensitive Information, and Gain Elevated Privileges and Let Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Bug 1083512 – CVE-2014-2706 Kernel: net: mac80211: crash dues to AP powersave TX vs. wakeup race | CONFIRM | bugzilla.redhat.com | Issue Tracking, Patch, Third Party Advisory |
| linux.oracle.com | ELSA-2014-3052 | CONFIRM | linux.oracle.com | Third Party Advisory |
| kernel/git/torvalds/linux.git - Linux kernel source tree | CONFIRM | git.kernel.org | Exploit, Mailing List, Patch, Vendor Advisory |
| www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7 | CONFIRM | www.kernel.org | Mailing List, Patch, Vendor Advisory |
| Security Advisory SA60613 - Oracle Linux update for kernel-uek - Secunia | SECUNIA | secunia.com | Broken Link |
| oss-security - Re: CVE request: Linux Kernel, two security issues | MLIST | www.openwall.com | Mailing List, Patch, Third Party Advisory |
| Linux Kernel 'mac80211/sta_info.c' NULL Pointer Dereference Denial of Service Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| [security-announce] SUSE-SU-2014:1316-1: important: Security update for | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.