CVE-2014-1444

2014-01-1800:00:00

ubuntu.com

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel
before 3.11.7 does not properly initialize a certain data structure, which
allows local users to obtain sensitive information from kernel memory by
leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.

Bugs

<https://launchpad.net/bugs/1271442>

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchlinux< 2.6.32-57.119UNKNOWN
ubuntu12.04noarchlinux< 3.2.0-58.88UNKNOWN
ubuntu13.10noarchlinux< 3.11.0-14.21UNKNOWN
ubuntu12.04noarchlinux-armadaxp< 3.2.0-1629.41UNKNOWN
ubuntu12.10noarchlinux-armadaxp< 3.5.0-1625.34UNKNOWN
ubuntu10.04noarchlinux-ec2< 2.6.32-362.75UNKNOWN
ubuntu12.04noarchlinux-lts-quantal< 3.5.0-44.67~precise1UNKNOWN
ubuntu12.04noarchlinux-lts-raring< 3.8.0-35.50~precise1UNKNOWN
ubuntu12.04noarchlinux-lts-saucy< 3.11.0-14.21~precise1UNKNOWN
ubuntu12.04noarchlinux-ti-omap4< 3.2.0-1442.61UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	linux	< 2.6.32-57.119	UNKNOWN
ubuntu	12.04	noarch	linux	< 3.2.0-58.88	UNKNOWN
ubuntu	13.10	noarch	linux	< 3.11.0-14.21	UNKNOWN
ubuntu	12.04	noarch	linux-armadaxp	< 3.2.0-1629.41	UNKNOWN
ubuntu	12.10	noarch	linux-armadaxp	< 3.5.0-1625.34	UNKNOWN
ubuntu	10.04	noarch	linux-ec2	< 2.6.32-362.75	UNKNOWN
ubuntu	12.04	noarch	linux-lts-quantal	< 3.5.0-44.67~precise1	UNKNOWN
ubuntu	12.04	noarch	linux-lts-raring	< 3.8.0-35.50~precise1	UNKNOWN
ubuntu	12.04	noarch	linux-lts-saucy	< 3.11.0-14.21~precise1	UNKNOWN
ubuntu	12.04	noarch	linux-ti-omap4	< 3.2.0-1442.61	UNKNOWN