Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-3880

The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference.

Published

2014-06-10T14:55:10.477

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.9 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:N/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

6.9

Weaknesses
  • Type: Primary
    CWE-20
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System freebsd freebsd 8.4 Yes
Operating System freebsd freebsd 9.1 Yes
Operating System freebsd freebsd 9.2 Yes
Operating System freebsd freebsd 10.0 Yes
References