2.1

CVE-2014-1738

EPSS 0.03%
Published 11.05.2014 21:55:05
Last modified 12.04.2025 10:46:40
Source chrome-cve-admin@google.com
Teams watchlist Login
Open Login

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.

Affected products Warnungen 0 Metrics 2 CWE 1 References 21

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 3.14.3

Redhat ≫ Enterprise Linux Eus Version5.6

Redhat ≫ Enterprise Linux Eus Version6.3

Debian ≫ Debian Linux Version6.0

Debian ≫ Debian Linux Version7.0

Oracle ≫ Linux Version5 Update-

Oracle ≫ Linux Version6 Update-

Suse ≫ Linux Enterprise Desktop Version11 Updatesp3

Suse ≫ Linux Enterprise High Availability Extension Version11 Updatesp3

Suse ≫ Linux Enterprise Real Time Extension Version11 Updatesp3

Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatform-

Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatformvmware

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.067

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://linux.oracle.com/errata/ELSA-2014-0771.html

http://linux.oracle.com/errata/ELSA-2014-3043.html

http://secunia.com/advisories/59262

http://secunia.com/advisories/59309

http://secunia.com/advisories/59406

http://secunia.com/advisories/59599

http://www.debian.org/security/2014/dsa-2926

http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html

http://www.debian.org/security/2014/dsa-2928

http://rhn.redhat.com/errata/RHSA-2014-0800.html

http://rhn.redhat.com/errata/RHSA-2014-0801.html

http://www.openwall.com/lists/oss-security/2014/05/09/2

http://www.securitytracker.com/id/1030474

https://bugzilla.redhat.com/show_bug.cgi?id=1094299

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2145e15e0557a01b9195d1c7199a1b92cb9be81f

http://www.securityfocus.com/bid/67302

https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f

https://nvd.nist.gov/vuln/detail/CVE-2014-1738

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-1738

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-1738

EUVD