Lucene search

K
nvd[email protected]NVD:CVE-2014-1738
HistoryMay 11, 2014 - 9:55 p.m.

CVE-2014-1738

2014-05-1121:55:05
CWE-200
web.nvd.nist.gov
6

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

0

Percentile

10.1%

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.

Affected configurations

Nvd
Node
linuxlinux_kernelRange3.14.3
Node
redhatenterprise_linux_eusMatch5.6
OR
redhatenterprise_linux_eusMatch6.3
Node
debiandebian_linuxMatch6.0
OR
debiandebian_linuxMatch7.0
Node
oraclelinuxMatch5-
OR
oraclelinuxMatch6-
Node
suselinux_enterprise_desktopMatch11sp3
OR
suselinux_enterprise_high_availability_extensionMatch11sp3
OR
suselinux_enterprise_real_time_extensionMatch11sp3
OR
suselinux_enterprise_serverMatch11sp3-
OR
suselinux_enterprise_serverMatch11sp3vmware
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
redhatenterprise_linux_eus5.6cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*
redhatenterprise_linux_eus6.3cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
debiandebian_linux6.0cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
debiandebian_linux7.0cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
oraclelinux5cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*
oraclelinux6cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
suselinux_enterprise_desktop11cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
suselinux_enterprise_high_availability_extension11cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*
suselinux_enterprise_real_time_extension11cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*
Rows per page:
1-10 of 121

References

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

0

Percentile

10.1%