CVE-2014-0069

Sažetak

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.

Reference

http://article.gmane.org/gmane.linux.kernel.cifs/9401
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5d81de8e8667da7135d3a32a964087c0faf5483f
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html
http://rhn.redhat.com/errata/RHSA-2014-0328.html
http://www.openwall.com/lists/oss-security/2014/02/17/4
http://www.securityfocus.com/bid/65588
https://bugzilla.redhat.com/show_bug.cgi?id=1064253
https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

10-07-2024 - 15:28

Objavljeno

28-02-2014 - 06:18