CVE 2014-7284
The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by leveraging the predictability of TCP sequence numbers, TCP and UDP port numbers, and IP ID values.
Related bugs and status
CVE-2014-7284 (Candidate) is related to these bugs:
Bug #1377339: CVE-2014-7284
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1377339 | CVE-2014-7284 | linux (Ubuntu) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-fsl-imx51 (Ubuntu) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-mvl-dove (Ubuntu) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-backport-maverick (Ubuntu) | Undecided | New | ||
1377339 | CVE-2014-7284 | linux-lts-backport-natty (Ubuntu) | Undecided | New | ||
1377339 | CVE-2014-7284 | linux-ti-omap4 (Ubuntu) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-ec2 (Ubuntu) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-backport-maverick (Ubuntu Utopic) | Undecided | Won't Fix | ||
1377339 | CVE-2014-7284 | linux-lts-backport-natty (Ubuntu Utopic) | Undecided | Won't Fix | ||
1377339 | CVE-2014-7284 | linux (Ubuntu Trusty) | Medium | Fix Released | ||
1377339 | CVE-2014-7284 | linux-ec2 (Ubuntu Trusty) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-fsl-imx51 (Ubuntu Trusty) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-backport-maverick (Ubuntu Trusty) | Undecided | New | ||
1377339 | CVE-2014-7284 | linux-lts-backport-natty (Ubuntu Trusty) | Undecided | New | ||
1377339 | CVE-2014-7284 | linux-mvl-dove (Ubuntu Trusty) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-ti-omap4 (Ubuntu Trusty) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux (Ubuntu Precise) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-ec2 (Ubuntu Precise) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-fsl-imx51 (Ubuntu Precise) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-backport-maverick (Ubuntu Precise) | Undecided | Won't Fix | ||
1377339 | CVE-2014-7284 | linux-lts-backport-natty (Ubuntu Precise) | Undecided | Won't Fix | ||
1377339 | CVE-2014-7284 | linux-mvl-dove (Ubuntu Precise) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-ti-omap4 (Ubuntu Precise) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-backport-maverick (Ubuntu Lucid) | Undecided | Won't Fix | ||
1377339 | CVE-2014-7284 | linux-lts-backport-natty (Ubuntu Lucid) | Undecided | Won't Fix | ||
1377339 | CVE-2014-7284 | linux-armadaxp (Ubuntu) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-armadaxp (Ubuntu Precise) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-armadaxp (Ubuntu Trusty) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-saucy (Ubuntu) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-saucy (Ubuntu Precise) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-saucy (Ubuntu Trusty) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-quantal (Ubuntu) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-quantal (Ubuntu Precise) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-quantal (Ubuntu Trusty) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-raring (Ubuntu) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-raring (Ubuntu Precise) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-raring (Ubuntu Trusty) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-trusty (Ubuntu Precise) | Medium | Fix Released | ||
1377339 | CVE-2014-7284 | linux (Ubuntu Vivid) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-armadaxp (Ubuntu Vivid) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-ec2 (Ubuntu Vivid) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-fsl-imx51 (Ubuntu Vivid) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-backport-maverick (Ubuntu Vivid) | Undecided | New | ||
1377339 | CVE-2014-7284 | linux-lts-backport-natty (Ubuntu Vivid) | Undecided | New | ||
1377339 | CVE-2014-7284 | linux-lts-quantal (Ubuntu Vivid) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-raring (Ubuntu Vivid) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-saucy (Ubuntu Vivid) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-mvl-dove (Ubuntu Vivid) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-ti-omap4 (Ubuntu Vivid) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux (Ubuntu Wily) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-armadaxp (Ubuntu Wily) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-ec2 (Ubuntu Wily) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-fsl-imx51 (Ubuntu Wily) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-backport-maverick (Ubuntu Wily) | Undecided | New | ||
1377339 | CVE-2014-7284 | linux-lts-backport-natty (Ubuntu Wily) | Undecided | New | ||
1377339 | CVE-2014-7284 | linux-lts-quantal (Ubuntu Wily) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-raring (Ubuntu Wily) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-saucy (Ubuntu Wily) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-mvl-dove (Ubuntu Wily) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-ti-omap4 (Ubuntu Wily) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-goldfish (Ubuntu) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-goldfish (Ubuntu Precise) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-goldfish (Ubuntu Vivid) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-goldfish (Ubuntu Wily) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-flo (Ubuntu) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-flo (Ubuntu Precise) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-flo (Ubuntu Vivid) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-flo (Ubuntu Wily) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-vivid (Ubuntu) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-vivid (Ubuntu Precise) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-vivid (Ubuntu Vivid) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-lts-vivid (Ubuntu Wily) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-mako (Ubuntu) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-mako (Ubuntu Precise) | Medium | Invalid | ||
1377339 | CVE-2014-7284 | linux-mako (Ubuntu Vivid) | Medium | Invalid |
See the
CVE page on Mitre.org
for more details.