CVE-2014-0069

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 3.13.5

Description The issue is related to the cifs iovec write function in fs/cifs/file.c, which does not properly handle uncached write operations that copy fewer than the requested number of bytes. This allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.

Recommendations For Linux kernel versions through 3.13.5, update to a version later than 3.13.5 to resolve the issue. As a temporary workaround, consider restricting access to the cifs iovec write function until a patch is available.

Exploit

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2014-1272

ALT-PU-2014-1375

ALT-PU-2014-1547

ALT-PU-2014-2064

AZL-34154

AZL-34848

BDU:2014-00054

CESA-2014_0328

CVE-2014-0069

MGASA-2014-0103

MGASA-2014-0206

MGASA-2014-0207

MGASA-2014-0208

MGASA-2014-0228

MGASA-2014-0229

MGASA-2014-0234

MGASA-2014-0235

MGASA-2014-0236

MGASA-2014-0237

MGASA-2014-0238

OPENSUSE-SU-2014_0677-1

OPENSUSE-SU-2014_0678-1

RHSA-2014:0328

RHSA-2014:0439

RHSA-2014_0328

SUSE-RU-2015:0621-1

SUSE-SU-2015:0481-1

SUSE-SU-2015:0581-1

SUSE-SU-2015:0736-1

SUSE-SU-2015:1174-1

SUSE-SU-2015:1376-1

USN-2175-1

USN-2176-1

USN-2177-1

USN-2178-1

USN-2179-1

USN-2180-1

USN-2181-1

USN-2221-1

USN-2227-1

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

CVE-2014-0069

Weakness Enumeration

Related Identifiers

Affected Products

References · 102