Moderate

CVE-2014-5332 - Race Conditions vulnerability in Linux Kernel 3.10

Publication: 2015-02-06
Summary

Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 allows local users to gain privileges via a crafted NVMAP_IOC_CREATE IOCTL call, which triggers a use-after-free error, as demonstrated by using a race condition to escape the Chrome sandbox.

Classification
CWE-362: Race Conditions

Risk level (CVSS 6.9)

Moderate

6.9

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Linux Linux Kernel 3.10