CVE-2014-1738

high

Description

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.

References

https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f

https://bugzilla.redhat.com/show_bug.cgi?id=1094299

http://www.securitytracker.com/id/1030474

http://www.securityfocus.com/bid/67302

http://www.openwall.com/lists/oss-security/2014/05/09/2

http://www.debian.org/security/2014/dsa-2928

http://www.debian.org/security/2014/dsa-2926

http://secunia.com/advisories/59599

http://secunia.com/advisories/59406

http://secunia.com/advisories/59309

http://secunia.com/advisories/59262

http://rhn.redhat.com/errata/RHSA-2014-0801.html

http://rhn.redhat.com/errata/RHSA-2014-0800.html

http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html

http://linux.oracle.com/errata/ELSA-2014-3043.html

http://linux.oracle.com/errata/ELSA-2014-0771.html

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2145e15e0557a01b9195d1c7199a1b92cb9be81f

Details

Source: Mitre, NVD

Published: 2014-05-11

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Severity: High