CVE-2014-1737

high

Description

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.

References

https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c

https://bugzilla.redhat.com/show_bug.cgi?id=1094299

http://www.securitytracker.com/id/1030474

http://www.securityfocus.com/bid/67300

http://www.openwall.com/lists/oss-security/2014/05/09/2

http://www.debian.org/security/2014/dsa-2928

http://www.debian.org/security/2014/dsa-2926

http://secunia.com/advisories/59599

http://secunia.com/advisories/59406

http://secunia.com/advisories/59309

http://secunia.com/advisories/59262

http://rhn.redhat.com/errata/RHSA-2014-0801.html

http://rhn.redhat.com/errata/RHSA-2014-0800.html

http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html

http://linux.oracle.com/errata/ELSA-2014-3043.html

http://linux.oracle.com/errata/ELSA-2014-0771.html

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c

Details

Source: Mitre, NVD

Published: 2014-05-11

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High