Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-2038
HistoryFeb 28, 2014 - 12:00 a.m.

CVE-2014-2038

2014-02-2800:00:00
ubuntu.com
ubuntu.com
16

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS

0

Percentile

5.1%

The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel
before 3.13.3 relies on a write delegation to extend a write operation
without a certain up-to-date verification, which allows local users to
obtain sensitive information from kernel memory in opportunistic
circumstances by writing to a file in an NFS filesystem and then reading
the same file.

Bugs

Notes

Author Note
jdstrand android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels
OSVersionArchitecturePackageVersionFilename
ubuntu13.10noarchlinux< 3.11.0-18.32UNKNOWN
ubuntu12.04noarchlinux-lts-saucy< 3.11.0-18.32~precise1UNKNOWN

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS

0

Percentile

5.1%