High severity7.8NVD Advisory· Published Feb 7, 2017· Updated May 13, 2026

CVE-2014-9914

Description

Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets.

Affected products

Google/Android
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
Range: <=7.1.1
Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: >=3.7.8,<3.10.45

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdIssue TrackingPatchThird Party Advisory
github.com/torvalds/linux/commit/9709674e68646cee5a24e3000b3558d25412203anvdIssue TrackingPatchThird Party Advisory
source.android.com/security/bulletin/2017-02-01.htmlnvdThird Party Advisory
www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2nvdRelease NotesVendor Advisory
www.securityfocus.com/bid/96100nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1037798nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000