1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.3%
The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel
before 3.11.7 does not properly initialize a certain data structure, which
allows local users to obtain sensitive information from kernel memory by
leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | linux | <Â 2.6.32-57.119 | UNKNOWN |
ubuntu | 12.04 | noarch | linux | <Â 3.2.0-58.88 | UNKNOWN |
ubuntu | 13.10 | noarch | linux | <Â 3.11.0-14.21 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | <Â 3.2.0-1629.41 | UNKNOWN |
ubuntu | 12.10 | noarch | linux-armadaxp | <Â 3.5.0-1625.34 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-ec2 | <Â 2.6.32-362.75 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-quantal | <Â 3.5.0-44.67~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-raring | <Â 3.8.0-35.50~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-saucy | <Â 3.11.0-14.21~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-ti-omap4 | <Â 3.2.0-1442.61 | UNKNOWN |
www.openwall.com/lists/oss-security/2014/01/15
launchpad.net/bugs/cve/CVE-2014-1444
nvd.nist.gov/vuln/detail/CVE-2014-1444
security-tracker.debian.org/tracker/CVE-2014-1444
ubuntu.com/security/notices/USN-2040-1
ubuntu.com/security/notices/USN-2042-1
ubuntu.com/security/notices/USN-2049-1
ubuntu.com/security/notices/USN-2050-1
ubuntu.com/security/notices/USN-2066-1
ubuntu.com/security/notices/USN-2067-1
ubuntu.com/security/notices/USN-2069-1
ubuntu.com/security/notices/USN-2128-1
ubuntu.com/security/notices/USN-2129-1
www.cve.org/CVERecord?id=CVE-2014-1444