PT-2014-1006 · Linux+5 · Linux Kernel+5
Matthew Daley · Published 2014-05-09 · Updated 2020-08-21 · CVE-2014-1738
CVSS v2.0: 4.9 Medium
Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Linux kernel versions through 3.14.3
Description
The issue is in the raw_cmd_copyout function in drivers/block/floppy.c, which does not properly restrict access to certain pointers while processing an FDRAWCMD ioctl call. This allows local users with write access to a /dev/fd device to obtain sensitive information from kernel heap memory. The problem is due to a lack of input sanitization in the FDRAWCMD ioctl system call, which can lead to information leakage and potentially to privilege elevation.
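The class of flaw described above, as an added userspace model that is not the kernel's code or part of the original advisory: a record holding kernel-only pointers is copied out whole, beside the hardened form that clears those members first. The struct layout and all function names are hypothetical, and memcpy stands in for copy_to_user.

```c
#include <stdio.h>
#include <string.h>

/* Simplified, hypothetical model of the driver's per-command record. */
struct raw_cmd_model {
    unsigned int flags;
    void *data;                 /* user buffer address: fine to return */
    char *kernel_data;          /* kernel-only: heap buffer address */
    struct raw_cmd_model *next; /* kernel-only: next command in the chain */
    long length;
};

/* Flawed pattern: the live object is copied out whole (memcpy models copy_to_user). */
void copyout_unfiltered(void *user, const struct raw_cmd_model *cmd)
{
    memcpy(user, cmd, sizeof(*cmd));
}

/* Hardened pattern: copy to a local, clear kernel-only members, then copy out. */
void copyout_filtered(void *user, const struct raw_cmd_model *cmd)
{
    struct raw_cmd_model out = *cmd;
    out.kernel_data = NULL;
    out.next = NULL;
    memcpy(user, &out, sizeof(out));
}

/* Returns 1 if a kernel-only pointer is visible in the record userspace receives. */
int leaks_kernel_pointer(void (*copyout)(void *, const struct raw_cmd_model *))
{
    char heap_buf[32];                 /* constructed stand-in for a heap object */
    struct raw_cmd_model tail = {0}, cmd = {0}, user;
    cmd.kernel_data = heap_buf;
    cmd.next = &tail;
    cmd.length = sizeof(heap_buf);
    copyout(&user, &cmd);
    return user.kernel_data != NULL || user.next != NULL;
}

int main(void)
{
    printf("unfiltered leaks: %d\n", leaks_kernel_pointer(copyout_unfiltered));
    printf("filtered leaks:   %d\n", leaks_kernel_pointer(copyout_filtered));
    return 0;
}
```

In real kernel code the outgoing copy would also need its padding bytes cleared, since a plain struct assignment does not guarantee their contents.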
Recommendations
For Linux kernel versions through 3.14.3, update to a version that contains a fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Information Disclosure
Related Identifiers
Affected Products
ALT Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu