CVE-2014-1737
Summary
| CVE | CVE-2014-1737 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-05-11 21:55:00 UTC |
| Updated | 2023-11-07 02:19:00 UTC |
| Description | The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. |
Risk And Classification
Problem Types: CWE-754
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 6.0 | All | All | All |
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Debian | Debian Linux | 6.0 | All | All | All |
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Oracle | Linux | 5 | - | All | All |
| Operating System | Oracle | Linux | 6 | - | All | All |
| Operating System | Oracle | Linux | 5 | - | All | All |
| Operating System | Oracle | Linux | 6 | - | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 5.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 6.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 5.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 6.3 | All | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise High Availability Extension | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise High Availability Extension | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Real Time Extension | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Real Time Extension | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [security-announce] SUSE-SU-2014:0667-1: important: Security update for | lists.opensuse.org | ||
| Debian -- Security Information -- DSA-2928-1 linux-2.6 | www.debian.org | ||
| Red Hat Customer Portal | rhn.redhat.com | ||
| Linux Kernel Floppy Driver Bugs Let Local Users Gain Elevated Privileges - SecurityTracker | www.securitytracker.com | ||
| oss-security - Linux kernel floppy ioctl kernel code execution | MLIST | www.openwall.com | Mailing List, Third Party Advisory |
| linux.oracle.com | ELSA-2014-3043 | linux.oracle.com | ||
| Security Advisory SA59262 - Oracle Linux update for kernel - Secunia | SECUNIA | secunia.com | Broken Link |
| kernel/git/torvalds/linux.git - Linux kernel source tree | git.kernel.org | ||
| Security Advisory SA59599 - Ubuntu update for kernel - Secunia | secunia.com | ||
| linux.oracle.com | ELSA-2014-0771 - kernel security and bug fix update | CONFIRM | linux.oracle.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| About Secunia Research | Flexera | SECUNIA | secunia.com | Broken Link |
| [security-announce] SUSE-SU-2014:0683-1: important: Security update for | lists.opensuse.org | ||
| Linux Kernel CVE-2014-1737 Function Local Privilege Escalation Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| floppy: ignore kernel-only members in FDRAWCMD ioctl input · torvalds/linux@ef87dbe · GitHub | CONFIRM | github.com | Patch, Third Party Advisory |
| Security Advisory SA59406 - Oracle Linux update for kernel-uek - Secunia | SECUNIA | secunia.com | Broken Link |
| 1094299 – (CVE-2014-1737, CVE-2014-1738) CVE-2014-1737 CVE-2014-1738 kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command | CONFIRM | bugzilla.redhat.com | Issue Tracking, Patch, Third Party Advisory |
| kernel/git/torvalds/linux.git - Linux kernel source tree | CONFIRM | git.kernel.org | Mailing List, Patch, Vendor Advisory |
| Debian -- Security Information -- DSA-2926-1 linux | DEBIAN | www.debian.org | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.