Home > Vulnerability Database > CVE-2014-3880

Mend.io Vulnerability Database

CVE-2014-3880

Date: June 10, 2014

The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference.

Severity Score

6.2

Related Resources (6)

Url: http://www.freebsd.org/security/advisories/FreeBSD-EN-14%3A06.exec.asc

Url: http://secunia.com/advisories/59034

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-3880

Url: http://www.debian.org/security/2014/dsa-2952

Url: https://security-tracker.debian.org/tracker/CVE-2014-3880

Url: https://www.mend.io/vulnerability-database/CVE-2014-3880

Severity Score

6.2

Weakness Type (CWE)

Input Validation

CWE-20

CVSS v3.1

Base Score:	6.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	4.9
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-3880

Date: June 10, 2014

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?