2.1

CVE-2014-1739

EPSS 0.1%
Veröffentlicht 23.06.2014 11:21:17
Zuletzt bearbeitet 06.05.2026 22:30:45
Quelle chrome-cve-admin@google.com
CVE-Watchlists
Login
Unerledigt
Login

The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 19

NVD 7 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 3.14.6

Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version13.10

Suse ≫ Linux Enterprise High Availability Extension Version11 Updatesp3

Suse ≫ Suse Linux Enterprise Desktop Version11 Updatesp3

Suse ≫ Suse Linux Enterprise Server Version11 Updatesp3 SwPlatform-

Suse ≫ Suse Linux Enterprise Server Version11 Updatesp3 SwPlatformvmware

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.281

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html

http://www.securitytracker.com/id/1038201

https://source.android.com/security/bulletin/2017-04-01

http://secunia.com/advisories/59597

http://www.ubuntu.com/usn/USN-2259-1

http://www.ubuntu.com/usn/USN-2261-1

http://www.ubuntu.com/usn/USN-2263-1

http://www.ubuntu.com/usn/USN-2264-1

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e6a623460e5fc960ac3ee9f946d3106233fd28d8

http://speirofr.appspot.com/cve-2014-1739-kernel-infoleak-vulnerability-in-media_enum_entities.html

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.6

http://www.openwall.com/lists/oss-security/2014/06/15/1

http://www.securityfocus.com/bid/68048

https://bugzilla.redhat.com/show_bug.cgi?id=1109774

https://github.com/torvalds/linux/commit/e6a623460e5fc960ac3ee9f946d3106233fd28d8

https://nvd.nist.gov/vuln/detail/CVE-2014-1739

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-1739

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-1739

EUVD