CVE-2014-1738
Summary
| CVE | CVE-2014-1738 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-05-11 21:55:00 UTC |
| Updated | 2023-11-07 02:19:00 UTC |
| Description | The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 6.0 | All | All | All |
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Debian | Debian Linux | 6.0 | All | All | All |
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Oracle | Linux | 5 | - | All | All |
| Operating System | Oracle | Linux | 6 | - | All | All |
| Operating System | Oracle | Linux | 5 | - | All | All |
| Operating System | Oracle | Linux | 6 | - | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 5.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 6.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 5.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 6.3 | All | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise High Availability Extension | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise High Availability Extension | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Real Time Extension | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Real Time Extension | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [security-announce] SUSE-SU-2014:0667-1: important: Security update for | lists.opensuse.org | ||
| Debian -- Security Information -- DSA-2928-1 linux-2.6 | www.debian.org | ||
| Red Hat Customer Portal | rhn.redhat.com | ||
| Linux Kernel Floppy Driver Bugs Let Local Users Gain Elevated Privileges - SecurityTracker | www.securitytracker.com | ||
| oss-security - Linux kernel floppy ioctl kernel code execution | MLIST | www.openwall.com | Mailing List, Third Party Advisory |
| linux.oracle.com | ELSA-2014-3043 | linux.oracle.com | ||
| Security Advisory SA59262 - Oracle Linux update for kernel - Secunia | SECUNIA | secunia.com | Broken Link |
| floppy: don't write kernel-only members to FDRAWCMD ioctl output · torvalds/linux@2145e15 · GitHub | CONFIRM | github.com | Patch, Third Party Advisory |
| Security Advisory SA59599 - Ubuntu update for kernel - Secunia | secunia.com | ||
| linux.oracle.com | ELSA-2014-0771 - kernel security and bug fix update | CONFIRM | linux.oracle.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| About Secunia Research | Flexera | SECUNIA | secunia.com | Broken Link |
| [security-announce] SUSE-SU-2014:0683-1: important: Security update for | lists.opensuse.org | ||
| Security Advisory SA59406 - Oracle Linux update for kernel-uek - Secunia | SECUNIA | secunia.com | Broken Link |
| kernel/git/torvalds/linux.git - Linux kernel source tree | git.kernel.org | ||
| 1094299 – (CVE-2014-1737, CVE-2014-1738) CVE-2014-1737 CVE-2014-1738 kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command | CONFIRM | bugzilla.redhat.com | Issue Tracking, Patch, Third Party Advisory |
| Linux Kernel CVE-2014-1738 Local Privilege Escalation Vulnerability | www.securityfocus.com | ||
| kernel/git/torvalds/linux.git - Linux kernel source tree | CONFIRM | git.kernel.org | Mailing List, Patch, Vendor Advisory |
| Debian -- Security Information -- DSA-2926-1 linux | DEBIAN | www.debian.org | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.