CVE-2014-3880
Last modified
CVE-2014-3880 is a vulnerability of currently unknown severity. The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference.. EPSS estimates a 0.36% chance of exploitation in the next 30 days.
Description
The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Freebsd | Freebsd | 8.4 |
| Freebsd | Freebsd | 9.1 |
| Freebsd | Freebsd | 9.2 |
| Freebsd | Freebsd | 10.0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-3880?
How severe is CVE-2014-3880?
How do I fix CVE-2014-3880?
Are you affected by CVE-2014-3880?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST