Vulnerability Details : CVE-2014-1738
The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2014-1738
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-1738
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2014-1738
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1738
-
http://www.openwall.com/lists/oss-security/2014/05/09/2
oss-security - Linux kernel floppy ioctl kernel code executionMailing List;Third Party Advisory
-
http://www.debian.org/security/2014/dsa-2928
Debian -- Security Information -- DSA-2928-1 linux-2.6Third Party Advisory
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2145e15e0557a01b9195d1c7199a1b92cb9be81f
kernel/git/torvalds/linux.git - Linux kernel source treeMailing List;Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/67302
Linux Kernel CVE-2014-1738 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
[security-announce] SUSE-SU-2014:0683-1: important: Security update forMailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2014-0801.html
RHSA-2014:0801 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f
floppy: don't write kernel-only members to FDRAWCMD ioctl output · torvalds/linux@2145e15 · GitHubPatch;Third Party Advisory
-
http://linux.oracle.com/errata/ELSA-2014-3043.html
linux.oracle.com | ELSA-2014-3043Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2014-0800.html
RHSA-2014:0800 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securitytracker.com/id/1030474
Linux Kernel Floppy Driver Bugs Let Local Users Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.debian.org/security/2014/dsa-2926
Debian -- Security Information -- DSA-2926-1 linuxThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1094299
1094299 – (CVE-2014-1737, CVE-2014-1738) CVE-2014-1737 CVE-2014-1738 kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl commandIssue Tracking;Patch;Third Party Advisory
-
http://linux.oracle.com/errata/ELSA-2014-0771.html
linux.oracle.com | ELSA-2014-0771Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
[security-announce] SUSE-SU-2014:0667-1: important: Security update forMailing List;Third Party Advisory
Products affected by CVE-2014-1738
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*