CVE-2014-0077

Name: CVE-2014-0077
Creator: NVD / NIST
Published: 2014-04-14T23:55:07.53+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.81%

Last modified Jun 17, 2026

CVE-2014-0077 is a vulnerability of currently unknown severity. drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.. EPSS estimates a 0.81% chance of exploitation in the next 30 days.

Description

drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.

Metrics

EPSS Probability

0.81%

52.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-787

Affected Software

Vendor	Product	Versions
Linux	Linux Kernel	< 3.13.10

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d8316f3991d207fe32881a9ac20241be8fa2bad0
http://secunia.com/advisories/59386Broken Link
http://secunia.com/advisories/59599Broken Link
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10Mailing List, Patch, Vendor Advisory
http://www.securityfocus.com/bid/66678Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1064440Issue Tracking, Patch, Third Party Advisory
https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0Patch, Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d8316f3991d207fe32881a9ac20241be8fa2bad0
http://secunia.com/advisories/59386Broken Link
http://secunia.com/advisories/59599Broken Link
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10Mailing List, Patch, Vendor Advisory
http://www.securityfocus.com/bid/66678Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1064440Issue Tracking, Patch, Third Party Advisory
https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0Patch, Third Party Advisory

Timeline

Published: Apr 14, 2014
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-0077?

How severe is CVE-2014-0077?

Severity scoring for CVE-2014-0077 is pending analysis. The EPSS model estimates a 0.81% probability of exploitation in the next 30 days.

How do I fix CVE-2014-0077?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-0077?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST