2.3

CVE-2014-4027

EPSS 0.09%
Published 23.06.2014 11:21:18
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.

Affected products Warnungen 0 Metrics 2 CWE 1 References 17

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 3.14

Redhat ≫ Enterprise Linux Version6.0

Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm

Suse ≫ Linux Enterprise Desktop Version11 Updatesp3

Suse ≫ Linux Enterprise High Availability Extension Version11 Updatesp3

Suse ≫ Linux Enterprise Real Time Extension Version11 Updatesp3

Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatform-

Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatformvmware

F5 ≫ Big-ip Access Policy Manager Version >= 11.1.0 <= 11.6.0

F5 ≫ Big-ip Access Policy Manager Version12.0.0

F5 ≫ Big-ip Advanced Firewall Manager Version >= 11.3.0 <= 11.6.0

F5 ≫ Big-ip Advanced Firewall Manager Version12.0.0

F5 ≫ Big-ip Analytics Version >= 11.1.0 <= 11.6.0

F5 ≫ Big-ip Analytics Version12.0.0

F5 ≫ Big-ip Application Acceleration Manager Version >= 11.4.0 <= 11.6.0

F5 ≫ Big-ip Application Acceleration Manager Version12.0.0

F5 ≫ Big-ip Application Security Manager Version >= 11.1.0 <= 11.6.0

F5 ≫ Big-ip Application Security Manager Version12.0.0

F5 ≫ Big-ip Domain Name System Version12.0.0

F5 ≫ Big-ip Edge Gateway Version >= 11.1.0 <= 11.3.0

F5 ≫ Big-ip Global Traffic Manager Version >= 11.1.0 <= 11.6.0

F5 ≫ Big-ip Link Controller Version >= 11.1.0 <= 11.6.0

F5 ≫ Big-ip Link Controller Version12.0.0

F5 ≫ Big-ip Local Traffic Manager Version >= 11.1.0 <= 11.6.0

F5 ≫ Big-ip Local Traffic Manager Version12.0.0

F5 ≫ Big-ip Policy Enforcement Manager Version >= 11.3.0 <= 11.6.0

F5 ≫ Big-ip Policy Enforcement Manager Version12.0.0

F5 ≫ Big-ip Protocol Security Module Version >= 11.1.0 <= 11.4.1

F5 ≫ Big-ip Wan Optimization Manager Version >= 11.1.0 <= 11.3.0

F5 ≫ Big-ip Webaccelerator Version >= 11.1.0 <= 11.3.0

F5 ≫ Big-iq Application Delivery Controller Version4.5.0

F5 ≫ Big-iq Cloud Version >= 4.0.0 <= 4.5.0

F5 ≫ Big-iq Device Version >= 4.2.0 <= 4.5.0

F5 ≫ Big-iq Security Version >= 4.0.0 <= 4.5.0

F5 ≫ Enterprise Manager Version >= 3.0.0 <= 3.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.267

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.3	4.4	2.9	AV:A/AC:M/Au:S/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/59777

Broken Link

http://secunia.com/advisories/60564

Broken Link

http://www.ubuntu.com/usn/USN-2334-1

Third Party Advisory

http://www.ubuntu.com/usn/USN-2335-1

Third Party Advisory

http://secunia.com/advisories/61310

Broken Link

https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html

Third Party Advisory

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc

http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618

Broken Link

http://secunia.com/advisories/59134

Broken Link

http://www.openwall.com/lists/oss-security/2014/06/11/1

Patch

Third Party Advisory

Mailing List

https://bugzilla.redhat.com/show_bug.cgi?id=1108744

Patch

Third Party Advisory

Issue Tracking

https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2014-4027

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-4027

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-4027

EUVD