CVE-2014-1737

Sažetak

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.

Reference

http://www.securityfocus.com/bid/67300
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
http://secunia.com/advisories/59262
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c
http://secunia.com/advisories/59309
http://secunia.com/advisories/59406
http://www.debian.org/security/2014/dsa-2928
https://bugzilla.redhat.com/show_bug.cgi?id=1094299
http://linux.oracle.com/errata/ELSA-2014-0771.html
http://rhn.redhat.com/errata/RHSA-2014-0800.html
http://www.openwall.com/lists/oss-security/2014/05/09/2
http://secunia.com/advisories/59599
http://www.debian.org/security/2014/dsa-2926
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
http://www.securitytracker.com/id/1030474
http://linux.oracle.com/errata/ELSA-2014-3043.html
https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c
http://rhn.redhat.com/errata/RHSA-2014-0801.html

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

07-11-2023 - 02:19

Objavljeno

11-05-2014 - 21:55