{
  "threat_severity" : "Important",
  "public_date" : "2014-09-09T00:00:00Z",
  "bugzilla" : {
    "description" : "Kernel: netdevice.h: NULL pointer dereference over VxLAN",
    "id" : "1114540",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1114540"
  },
  "cvss" : {
    "cvss_base_score" : "5.4",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:N/I:N/A:C",
    "status" : "verified"
  },
  "cwe" : "CWE-228->CWE-476",
  "details" : [ "include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface.", "A NULL pointer dereference flaw was found in the way the Linux kernel's networking implementation handled logging while processing certain invalid packets coming in via a VxLAN interface. A remote attacker could use this flaw to crash the system by sending a specially crafted packet to such an interface." ],
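  "statement" : "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 7 and Red Hat Enterprise MRG 2.\nThis issue affects the version of the Linux kernel as shipped with Red Hat Enterprise Linux 6. Future kernel updates for Red Hat Enterprise Linux 6 may address this issue. Note that the affected_release entries in this record list advisories RHSA-2014:1167 (kernel) and RHSA-2014:1168 (rhev-hypervisor6), both dated 2014-09-09, so check the installed package version against those entries rather than relying on this statement alone.",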
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2014-09-09T00:00:00Z",
    "advisory" : "RHSA-2014:1167",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-431.29.2.el6"
  }, {
    "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-6",
    "release_date" : "2014-09-09T00:00:00Z",
    "advisory" : "RHSA-2014:1168",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6::hypervisor",
    "package" : "rhev-hypervisor6-0:6.5-20140821.1.el6ev"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-3535\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3535" ],
  "name" : "CVE-2014-3535",
  "csaw" : false
}