CVE-2014-0069: Buffer Overflow
First published: Wed Feb 12 2014(Updated: )
A flaw was found in the way cifs handled iovecs with bogus pointers userland passed down via writev() during uncached writes. An unprivileged local user with access to cifs share could use this flaw to crash the system or leak kernel memory. Privilege escalation cannot be ruled out (since memory corruption is involved), but is unlikely. The default cache settings for cifs mounts on Red Hat Enterprise Linux prohibit successful exploitation of this issue. Acknowledgements: Red Hat would like to thank Al Viro for reporting this issue.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <3.2.57 | |
| Linux Kernel | >=3.3<3.4.83 | |
| Linux Kernel | >=3.5<3.10.33 | |
| Linux Kernel | >=3.11<3.12.14 | |
| Linux Kernel | >=3.13<3.13.6 | |
| SUSE Linux Enterprise Desktop with Beagle | =11-sp3 | |
| SUSE Linux Enterprise Server | =11 | |
| SUSE Linux Enterprise Server | =11-sp3 | |
| suse linux enterprise server vmware | =11-sp3 | |
| redhat enterprise Linux desktop | =6.0 | |
| redhat enterprise Linux eus | =6.5 | |
| redhat enterprise Linux server | =6.0 | |
| redhat enterprise Linux server aus | =6.5 | |
| redhat enterprise Linux server tus | =6.5 | |
| redhat enterprise Linux workstation | =6.0 | |
| Linux Kernel | <=3.13.5 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.13-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/65588
- https://bugzilla.redhat.com/show_bug.cgi?id=1064253
- http://rhn.redhat.com/errata/RHSA-2014-0328.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html
- http://article.gmane.org/gmane.linux.kernel.cifs/9401
- http://www.openwall.com/lists/oss-security/2014/02/17/4
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5d81de8e8667da7135d3a32a964087c0faf5483f
- https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f
- https://launchpad.net/bugs/cve/CVE-2014-0069
- http://article.gmane.org/gmane.linux.kernel.cifs/9402
- https://rhn.redhat.com/errata/RHSA-2014-0328.html
- https://rhn.redhat.com/errata/RHSA-2014-0439.html
- https://security-tracker.debian.org/tracker/CVE-2014-0069
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0069
- https://nvd.nist.gov/vuln/detail/CVE-2014-0069
- https://ubuntu.com/security/CVE-2014-0069
Frequently Asked Questions
What is the severity of CVE-2014-0069?
CVE-2014-0069 is considered a high-severity vulnerability due to its potential to crash the system or leak sensitive kernel memory.
How do I fix CVE-2014-0069?
To mitigate CVE-2014-0069, users should upgrade to a patched version of the Linux Kernel, specifically versions 5.10.223-1 or newer.
Who is affected by CVE-2014-0069?
CVE-2014-0069 affects installations of the Linux Kernel up to version 3.13.5, along with certain versions of SUSE and Red Hat Enterprise Linux.
Can CVE-2014-0069 lead to privilege escalation?
Yes, while the primary concern with CVE-2014-0069 is system crashes and memory leaks, privilege escalation cannot be ruled out.
How does CVE-2014-0069 work?
CVE-2014-0069 exploits a flaw in the way the CIFS protocol handles iovecs with invalid pointers during uncached writes.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-0069
- agent/severity
- agent/weakness
- agent/author
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/description
- agent/event
- agent/trending
- agent/last-modified-date
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-cve
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/3.3
- version/linux kernel/3.5
- version/linux kernel/3.11
- version/linux kernel/3.13
- vendor/suse
- canonical/suse linux enterprise desktop with beagle
- version/suse linux enterprise desktop with beagle/11-sp3
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11
- version/suse linux enterprise server/11-sp3
- canonical/suse linux enterprise server vmware
- version/suse linux enterprise server vmware/11-sp3
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/6.5
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/6.5
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/6.5
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- version/linux kernel/3.13.5
- package-manager/debian