CVE-2014-6417

Description

net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket.

How to fix CVE-2014-6417

To remediate CVE-2014-6417, upgrade the affected package to a fixed version below.

• Debian/linux—upgrade to 3.16.3-1 or later

Is CVE-2014-6417 being exploited?

Moderate — EPSS is 5.2%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 3.16.3-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-6417