Lucene search

K
nvd[email protected]NVD:CVE-2014-1737
HistoryMay 11, 2014 - 9:55 p.m.

CVE-2014-1737

2014-05-1121:55:05
CWE-754
web.nvd.nist.gov
6

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7

Confidence

High

EPSS

0

Percentile

10.1%

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.

Affected configurations

Nvd
Node
linuxlinux_kernelRange<3.2.59
OR
linuxlinux_kernelRange3.33.4.90
OR
linuxlinux_kernelRange3.53.10.40
OR
linuxlinux_kernelRange3.113.12.20
OR
linuxlinux_kernelRange3.133.14.4
Node
oraclelinuxMatch5-
OR
oraclelinuxMatch6-
Node
debiandebian_linuxMatch6.0
OR
debiandebian_linuxMatch7.0
Node
suselinux_enterprise_desktopMatch11sp3
OR
suselinux_enterprise_high_availability_extensionMatch11sp3
OR
suselinux_enterprise_real_time_extensionMatch11sp3
OR
suselinux_enterprise_serverMatch11sp3-
OR
suselinux_enterprise_serverMatch11sp3vmware
Node
redhatenterprise_linux_eusMatch5.6
OR
redhatenterprise_linux_eusMatch6.3
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
oraclelinux5cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*
oraclelinux6cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
debiandebian_linux6.0cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
debiandebian_linux7.0cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
suselinux_enterprise_desktop11cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
suselinux_enterprise_high_availability_extension11cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*
suselinux_enterprise_real_time_extension11cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*
suselinux_enterprise_server11cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
suselinux_enterprise_server11cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
Rows per page:
1-10 of 121

References

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7

Confidence

High

EPSS

0

Percentile

10.1%