CVE-2014-9940

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-9940
The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.

7.0 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.6 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=60a2362f769cf549dc466134efe71c8bf9fbaaba Issue Tracking Patch Third Party Advisory
http://www.debian.org/security/2017/dsa-3945 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/98195 Third Party Advisory VDB Entry
https://github.com/torvalds/linux/commit/60a2362f769cf549dc466134efe71c8bf9fbaaba Issue Tracking Patch Third Party Advisory
https://source.android.com/security/bulletin/2017-05-01 Vendor Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=60a2362f769cf549dc466134efe71c8bf9fbaaba Issue Tracking Patch Third Party Advisory
http://www.debian.org/security/2017/dsa-3945 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/98195 Third Party Advisory VDB Entry
https://github.com/torvalds/linux/commit/60a2362f769cf549dc466134efe71c8bf9fbaaba Issue Tracking Patch Third Party Advisory
https://source.android.com/security/bulletin/2017-05-01 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:rc7:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2017-05-02 21:59

Updated : 2025-04-20 01:37

NVD link : CVE-2014-9940

Mitre link : CVE-2014-9940

CVE.ORG link : CVE-2014-9940

JSON object : View

Products Affected

linux

  • linux_kernel

google

  • android
CWE
CWE-416

Use After Free