2.1
CVE-2014-1738
- EPSS 0.52%
- Veröffentlicht 11.05.2014 21:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle chrome-cve-admin@google.com
- CVE-Watchlists
- Unerledigt
The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version <= 3.14.3
Redhat ≫ Enterprise Linux Eus Version5.6
Redhat ≫ Enterprise Linux Eus Version6.3
Debian ≫ Debian Linux Version6.0
Debian ≫ Debian Linux Version7.0
Suse ≫ Linux Enterprise Desktop Version11 Updatesp3
Suse ≫ Linux Enterprise High Availability Extension Version11 Updatesp3
Suse ≫ Linux Enterprise Real Time Extension Version11 Updatesp3
Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatform-
Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatformvmware
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.52% | 0.402 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://linux.oracle.com/errata/ELSA-2014-0771.html
http://linux.oracle.com/errata/ELSA-2014-3043.html
http://secunia.com/advisories/59262
http://secunia.com/advisories/59309
http://secunia.com/advisories/59406
http://secunia.com/advisories/59599
http://www.debian.org/security/2014/dsa-2926
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
http://www.debian.org/security/2014/dsa-2928
http://rhn.redhat.com/errata/RHSA-2014-0800.html
http://rhn.redhat.com/errata/RHSA-2014-0801.html
http://www.openwall.com/lists/oss-security/2014/05/09/2
http://www.securitytracker.com/id/1030474
https://bugzilla.redhat.com/show_bug.cgi?id=1094299
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2145e15e0557a01b9195d1c7199a1b92cb9be81f
http://www.securityfocus.com/bid/67302
https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f