CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:M/Au:S/C:P/I:N/A:N
EPSS
Percentile
10.3%
The rd_build_device_space function in drivers/target/target_core_rd.c in
the Linux kernel before 3.14 does not properly initialize a certain data
structure, which allows local users to obtain sensitive information from
ramdisk_mcp memory by leveraging access to a SCSI initiator.
Author | Note |
---|---|
jdstrand | android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels |
seth-arnold | Suggested it was introduced in 2.6.38 |
jdstrand | linux-lts-saucy no longer receives official support |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | linux | < 3.2.0-68.102 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < 3.13.0-35.62 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1637.54 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-quantal | < 3.5.0-54.81~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-trusty | < 3.13.0-35.62~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-ti-omap4 | < 3.2.0-1452.72 | UNKNOWN |
www.openwall.com/lists/oss-security/2014/06/11/1
launchpad.net/bugs/cve/CVE-2014-4027
nvd.nist.gov/vuln/detail/CVE-2014-4027
security-tracker.debian.org/tracker/CVE-2014-4027
ubuntu.com/security/notices/USN-2285-1
ubuntu.com/security/notices/USN-2334-1
ubuntu.com/security/notices/USN-2335-1
ubuntu.com/security/notices/USN-2336-1
ubuntu.com/security/notices/USN-2337-1
www.cve.org/CVERecord?id=CVE-2014-4027