CVE-2014-1739

2014-06-2311:21:17

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

Percentile

10.5%

JSON

The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.

Affected configurations

Nvd

Node

linuxlinux_kernelRange<3.14.6

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch13.10

Node

suselinux_enterprise_high_availability_extensionMatch11sp3

susesuse_linux_enterprise_desktopMatch11sp3

susesuse_linux_enterprise_serverMatch11sp3-

susesuse_linux_enterprise_serverMatch11sp3vmware

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
canonicalubuntu_linux12.04cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
canonicalubuntu_linux13.10cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
suselinux_enterprise_high_availability_extension11cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*
susesuse_linux_enterprise_desktop11cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
susesuse_linux_enterprise_server11cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:-:*:*
susesuse_linux_enterprise_server11cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:vmware:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
canonical	ubuntu_linux	12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
canonical	ubuntu_linux	13.10	cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::*
suse	linux_enterprise_high_availability_extension	11	cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3::::::
suse	suse_linux_enterprise_desktop	11	cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3::::::
suse	suse_linux_enterprise_server	11	cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3::::-::*
suse	suse_linux_enterprise_server	11	cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3::::vmware::*