CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
kernel-rt is vulnerable to sensitive information disclosure. A flaw was found in the way the Linux kernel’s CIFS implementation handled uncached write operations with specially crafted iovec structures. An unprivileged local user with access to a CIFS share could use this flaw to crash the system, leak kernel memory, or, potentially, escalate their privileges on the system.
article.gmane.org/gmane.linux.kernel.cifs/9401
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5d81de8e8667da7135d3a32a964087c0faf5483f
lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html
rhn.redhat.com/errata/RHSA-2014-0328.html
www.openwall.com/lists/oss-security/2014/02/17/4
www.securityfocus.com/bid/65588
access.redhat.com/security/updates/classification/#important
access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/index.html
bugzilla.redhat.com/show_bug.cgi?id=1016735
bugzilla.redhat.com/show_bug.cgi?id=1032245
bugzilla.redhat.com/show_bug.cgi?id=1058848
bugzilla.redhat.com/show_bug.cgi?id=1064253
bugzilla.redhat.com/show_bug.cgi?id=1067880
github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f
rhn.redhat.com/errata/RHSA-2014-0439.html