2.3
CVE-2014-4027
- EPSS 0.65%
- Veröffentlicht 23.06.2014 11:21:18
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 3.14
Redhat ≫ Enterprise Linux Version6.0
Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm
Suse ≫ Linux Enterprise Desktop Version11 Updatesp3
Suse ≫ Linux Enterprise High Availability Extension Version11 Updatesp3
Suse ≫ Linux Enterprise Real Time Extension Version11 Updatesp3
Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatform-
Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatformvmware
F5 ≫ Big-ip Access Policy Manager Version >= 11.1.0 <= 11.6.0
F5 ≫ Big-ip Access Policy Manager Version12.0.0
F5 ≫ Big-ip Advanced Firewall Manager Version >= 11.3.0 <= 11.6.0
F5 ≫ Big-ip Advanced Firewall Manager Version12.0.0
F5 ≫ Big-ip Analytics Version >= 11.1.0 <= 11.6.0
F5 ≫ Big-ip Analytics Version12.0.0
F5 ≫ Big-ip Application Acceleration Manager Version >= 11.4.0 <= 11.6.0
F5 ≫ Big-ip Application Acceleration Manager Version12.0.0
F5 ≫ Big-ip Application Security Manager Version >= 11.1.0 <= 11.6.0
F5 ≫ Big-ip Application Security Manager Version12.0.0
F5 ≫ Big-ip Domain Name System Version12.0.0
F5 ≫ Big-ip Edge Gateway Version >= 11.1.0 <= 11.3.0
F5 ≫ Big-ip Global Traffic Manager Version >= 11.1.0 <= 11.6.0
F5 ≫ Big-ip Link Controller Version >= 11.1.0 <= 11.6.0
F5 ≫ Big-ip Link Controller Version12.0.0
F5 ≫ Big-ip Local Traffic Manager Version >= 11.1.0 <= 11.6.0
F5 ≫ Big-ip Local Traffic Manager Version12.0.0
F5 ≫ Big-ip Policy Enforcement Manager Version >= 11.3.0 <= 11.6.0
F5 ≫ Big-ip Policy Enforcement Manager Version12.0.0
F5 ≫ Big-ip Protocol Security Module Version >= 11.1.0 <= 11.4.1
F5 ≫ Big-ip Wan Optimization Manager Version >= 11.1.0 <= 11.3.0
F5 ≫ Big-ip Webaccelerator Version >= 11.1.0 <= 11.3.0
F5 ≫ Big-iq Application Delivery Controller Version4.5.0
F5 ≫ Big-iq Cloud Version >= 4.0.0 <= 4.5.0
F5 ≫ Big-iq Device Version >= 4.2.0 <= 4.5.0
F5 ≫ Big-iq Security Version >= 4.0.0 <= 4.5.0
F5 ≫ Enterprise Manager Version >= 3.0.0 <= 3.1.1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.65% | 0.463 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.3 | 4.4 | 2.9 |
AV:A/AC:M/Au:S/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
http://secunia.com/advisories/59777
http://secunia.com/advisories/60564
http://www.ubuntu.com/usn/USN-2334-1
http://www.ubuntu.com/usn/USN-2335-1
http://secunia.com/advisories/61310
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc
http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618
http://secunia.com/advisories/59134
http://www.openwall.com/lists/oss-security/2014/06/11/1
https://bugzilla.redhat.com/show_bug.cgi?id=1108744
https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc