Unrated severityNVD Advisory· Published Feb 6, 2014· Updated Apr 29, 2026

CVE-2014-0038

Description

The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.

Affected products

Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: >=3.4,<3.4.79
OpenSUSE/openSUSE
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
osv-coords22 versions
pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%206 pkg:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%206 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%206 pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/kernel-xen&distro=SUSE%20OpenStack%20Cloud%206 pkg:rpm/suse/kgraft-patch-SLE12-SP1_Update_23&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/kgraft-patch-SLE12-SP1_Update_23&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/kgraft-patch-SLE12-SP1_Update_23&distro=SUSE%20OpenStack%20Cloud%206 pkg:rpm/suse/kgraft-patch-SLE12_Update_29&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS
< 4.8.13-1.1+ 21 more
- (no CPE)range: < 4.8.13-1.1
- (no CPE)range: < 3.12.74-60.64.66.1
- (no CPE)range: < 3.12.61-52.106.1
- (no CPE)range: < 3.12.74-60.64.66.1
- (no CPE)range: < 3.12.74-60.64.66.1
- (no CPE)range: < 3.12.74-60.64.66.1
- (no CPE)range: < 3.12.74-60.64.66.1
- (no CPE)range: < 3.12.61-52.106.1
- (no CPE)range: < 3.12.74-60.64.66.1
- (no CPE)range: < 3.12.74-60.64.66.1
- (no CPE)range: < 3.12.74-60.64.66.1
- (no CPE)range: < 3.12.61-52.106.1
- (no CPE)range: < 3.12.74-60.64.66.1
- (no CPE)range: < 3.12.74-60.64.66.1
- (no CPE)range: < 3.12.74-60.64.66.1
- (no CPE)range: < 3.12.61-52.106.1
- (no CPE)range: < 3.12.74-60.64.66.1
- (no CPE)range: < 3.12.74-60.64.66.1
- (no CPE)range: < 1-2.1
- (no CPE)range: < 1-2.1
- (no CPE)range: < 1-2.1
- (no CPE)range: < 1-5.1

Patches

2def2ef2ae5f

https://github.com/torvalds/linuxvia nvd-ref

commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

pastebin.com/raw.phpnvdExploit
github.com/torvalds/linux/commit/2def2ef2ae5f3990aabdbe8a755911902707d268nvdExploitPatch
git.kernel.orgnvdThird Party AdvisoryVDB Entry
lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.htmlnvdThird Party AdvisoryVDB Entry
lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.htmlnvdThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/31346nvdThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/31347nvdThird Party AdvisoryVDB Entry
www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.2nvdThird Party Advisory
www.mandriva.com/security/advisoriesnvdThird Party Advisory
www.securityfocus.com/bid/65255nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-2094-1nvdThird Party Advisory
www.ubuntu.com/usn/USN-2095-1nvdThird Party Advisory
www.ubuntu.com/usn/USN-2096-1nvdThird Party Advisory
code.google.com/p/chromium/issues/detailnvdThird Party Advisory
www.exploit-db.com/exploits/40503/nvdThird Party AdvisoryVDB Entry
secunia.com/advisories/56669nvdNot Applicable
www.openwall.com/lists/oss-security/2014/01/31/2nvdMailing List
bugzilla.redhat.com/show_bug.cginvdIssue Tracking

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.041
exploit	0.030
kev	0.000
patch	-0.070
ransomware	0.000