CVE-2014-1737
First published: Mon May 05 2014(Updated: )
A flaw was found in the way Linux kernel's floppy driver treated userspace provided data in certain error code path while processing FDRAWCMD ioctl command. An local user with write access to /dev/fdX could use this flaw to kfree() arbitrary data. (<a href="https://access.redhat.com/security/cve/CVE-2014-1737">CVE-2014-1737</a>) It was found that Linux kernel's floppy driver leaked internal kernel memory addresses to userspace during processing of FDRAWCMD ioctl command. An local user with write access to /dev/fdX could use this flaw to get information about kernel heap arrangment. (<a href="https://access.redhat.com/security/cve/CVE-2014-1738">CVE-2014-1738</a>) An local user with write access to /dev/fdX could use these two flaws (<a href="https://access.redhat.com/security/cve/CVE-2014-1737">CVE-2014-1737</a> in combination with <a href="https://access.redhat.com/security/cve/CVE-2014-1738">CVE-2014-1738</a>) to escalate their privileges on the system. Acknowledgements: Red Hat would like to thank Matthew Daley for reporting these issues.
Credit: cve-coordination@google.com chrome-cve-admin@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <0:2.6.18-371.9.1.el5 | 0:2.6.18-371.9.1.el5 |
| redhat/kernel | <0:2.6.18-238.53.1.el5 | 0:2.6.18-238.53.1.el5 |
| redhat/kernel | <0:2.6.18-348.27.1.el5 | 0:2.6.18-348.27.1.el5 |
| redhat/kernel | <0:2.6.32-431.20.3.el6 | 0:2.6.32-431.20.3.el6 |
| redhat/kernel | <0:2.6.32-220.52.1.el6 | 0:2.6.32-220.52.1.el6 |
| redhat/kernel | <0:2.6.32-358.46.1.el6 | 0:2.6.32-358.46.1.el6 |
| redhat/kernel | <0:3.10.0-123.4.2.el7 | 0:3.10.0-123.4.2.el7 |
| redhat/kernel-rt | <0:3.10.33-rt32.34.el6 | 0:3.10.33-rt32.34.el6 |
| Linux Kernel | <3.2.59 | |
| Linux Kernel | >=3.3<3.4.90 | |
| Linux Kernel | >=3.5<3.10.40 | |
| Linux Kernel | >=3.11<3.12.20 | |
| Linux Kernel | >=3.13<3.14.4 | |
| Oracle Linux | =5 | |
| Oracle Linux | =6 | |
| Debian GNU/Linux | =6.0 | |
| Debian GNU/Linux | =7.0 | |
| SUSE Linux Enterprise Desktop with Beagle | =11-sp3 | |
| SUSE Linux Enterprise High Availability | =11-sp3 | |
| SUSE Linux Enterprise Real Time Extension | =11-sp3 | |
| SUSE Linux Enterprise Server | =11-sp3 | |
| suse linux enterprise server vmware | =11-sp3 | |
| redhat enterprise Linux eus | =5.6 | |
| redhat enterprise Linux eus | =6.3 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2014-1737 https://nvd.nist.gov/vuln/detail/CVE-2014-1737
- https://bugzilla.redhat.com/show_bug.cgi?id=1094299
- https://access.redhat.com/errata/RHSA-2014:0740
- https://access.redhat.com/errata/RHSA-2014:0801
- https://access.redhat.com/errata/RHSA-2014:0772
- https://access.redhat.com/errata/RHSA-2014:0771
- https://access.redhat.com/errata/RHSA-2014:0800
- https://access.redhat.com/errata/RHSA-2014:0900
- https://access.redhat.com/errata/RHSA-2014:0786
- https://access.redhat.com/errata/RHSA-2014:0557
- https://access.redhat.com/security/cve/CVE-2014-1737
- http://www.openwall.com/lists/oss-security/2014/05/09/2
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c
- https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c
- http://www.debian.org/security/2014/dsa-2926
- http://www.debian.org/security/2014/dsa-2928
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
- http://www.securityfocus.com/bid/67300
- http://linux.oracle.com/errata/ELSA-2014-0771.html
- http://linux.oracle.com/errata/ELSA-2014-3043.html
- http://secunia.com/advisories/59309
- http://secunia.com/advisories/59599
- http://secunia.com/advisories/59262
- http://secunia.com/advisories/59406
- http://www.securitytracker.com/id/1030474
- http://rhn.redhat.com/errata/RHSA-2014-0800.html
- http://rhn.redhat.com/errata/RHSA-2014-0801.html
- https://launchpad.net/bugs/cve/CVE-2014-1737
- https://access.redhat.com/security/cve/CVE-2014-1738
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2145e15e0557a01b9195d1c7199a1b92cb9be81f
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1096195
- https://rhn.redhat.com/errata/RHSA-2014-0557.html
- https://rhn.redhat.com/errata/RHSA-2014-0740.html
- https://rhn.redhat.com/errata/RHSA-2014-0771.html
- https://rhn.redhat.com/errata/RHSA-2014-0772.html
- https://rhn.redhat.com/errata/RHSA-2014-0786.html
- https://rhn.redhat.com/errata/RHSA-2014-0800.html
- https://rhn.redhat.com/errata/RHSA-2014-0801.html
- https://rhn.redhat.com/errata/RHSA-2014-0900.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c
- https://security-tracker.debian.org/tracker/CVE-2014-1737
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737
- https://nvd.nist.gov/vuln/detail/CVE-2014-1737
- https://ubuntu.com/security/CVE-2014-1737
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2014-1737?
CVE-2014-1737 has been classified with a moderate severity level due to its potential for local privilege escalation.
How do I fix CVE-2014-1737?
To fix CVE-2014-1737, update the kernel to one of the recommended remedied versions listed in the advisory.
Which versions of the Linux kernel are affected by CVE-2014-1737?
Linux kernel versions prior to 3.10.0-123.4.2.el7 are affected by CVE-2014-1737.
Who can exploit CVE-2014-1737?
A local user with write access to /dev/fdX can potentially exploit CVE-2014-1737.
What is the impact of CVE-2014-1737?
The impact of CVE-2014-1737 could allow a local user to free arbitrary memory, leading to potential system instability or local privilege escalation.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-1737
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/description
- agent/trending
- agent/last-modified-date
- agent/source
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/author
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- package-manager/redhat
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/3.3
- version/linux kernel/3.5
- version/linux kernel/3.11
- version/linux kernel/3.13
- vendor/oracle
- canonical/oracle linux
- version/oracle linux/5
- version/oracle linux/6
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/6.0
- version/debian gnu/linux/7.0
- vendor/suse
- canonical/suse linux enterprise desktop with beagle
- version/suse linux enterprise desktop with beagle/11-sp3
- canonical/suse linux enterprise high availability
- version/suse linux enterprise high availability/11-sp3
- canonical/suse linux enterprise real time extension
- version/suse linux enterprise real time extension/11-sp3
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp3
- canonical/suse linux enterprise server vmware
- version/suse linux enterprise server vmware/11-sp3
- vendor/redhat
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/5.6
- version/redhat enterprise linux eus/6.3