CVE-2014-1738

2014-05-1121:55:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2014-1738

linux kernel

floppy.c

fdrawcmd

ioctl call

local users

sensitive information

kernel heap memory

/dev/fd device

nvd

5.1 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

9.3%

JSON

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle3.14.3
redhat:enterprise_linux_eusredhat enterprise linux euseq6.3
redhat:enterprise_linux_eusredhat enterprise linux euseq5.6
debian:debian_linuxdebian debian linuxeq7.0
debian:debian_linuxdebian debian linuxeq6.0
oracle:linuxoracle linuxeq5
oracle:linuxoracle linuxeq6
suse:linux_enterprise_desktopsuse linux enterprise desktopeq11
suse:linux_enterprise_serversuse linux enterprise servereq11
suse:linux_enterprise_real_time_extensionsuse linux enterprise real time extensioneq11

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	3.14.3
redhat:enterprise_linux_eus	redhat enterprise linux eus	eq	6.3
redhat:enterprise_linux_eus	redhat enterprise linux eus	eq	5.6
debian:debian_linux	debian debian linux	eq	7.0
debian:debian_linux	debian debian linux	eq	6.0
oracle:linux	oracle linux	eq	5
oracle:linux	oracle linux	eq	6
suse:linux_enterprise_desktop	suse linux enterprise desktop	eq	11
suse:linux_enterprise_server	suse linux enterprise server	eq	11
suse:linux_enterprise_real_time_extension	suse linux enterprise real time extension	eq	11