First published: Mon May 05 2014(Updated: )
A flaw was found in the way Linux kernel's floppy driver treated userspace provided data in certain error code path while processing FDRAWCMD ioctl command. An local user with write access to /dev/fdX could use this flaw to kfree() arbitrary data. (<a href="https://access.redhat.com/security/cve/CVE-2014-1737">CVE-2014-1737</a>) It was found that Linux kernel's floppy driver leaked internal kernel memory addresses to userspace during processing of FDRAWCMD ioctl command. An local user with write access to /dev/fdX could use this flaw to get information about kernel heap arrangment. (<a href="https://access.redhat.com/security/cve/CVE-2014-1738">CVE-2014-1738</a>) An local user with write access to /dev/fdX could use these two flaws (<a href="https://access.redhat.com/security/cve/CVE-2014-1737">CVE-2014-1737</a> in combination with <a href="https://access.redhat.com/security/cve/CVE-2014-1738">CVE-2014-1738</a>) to escalate their privileges on the system. Acknowledgements: Red Hat would like to thank Matthew Daley for reporting these issues.
Credit: cve-coordination@google.com chrome-cve-admin@google.com cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <0:2.6.18-371.9.1.el5 | 0:2.6.18-371.9.1.el5 |
redhat/kernel | <0:2.6.18-238.53.1.el5 | 0:2.6.18-238.53.1.el5 |
redhat/kernel | <0:2.6.18-348.27.1.el5 | 0:2.6.18-348.27.1.el5 |
redhat/kernel | <0:2.6.32-431.20.3.el6 | 0:2.6.32-431.20.3.el6 |
redhat/kernel | <0:2.6.32-220.52.1.el6 | 0:2.6.32-220.52.1.el6 |
redhat/kernel | <0:2.6.32-358.46.1.el6 | 0:2.6.32-358.46.1.el6 |
redhat/kernel | <0:3.10.0-123.4.2.el7 | 0:3.10.0-123.4.2.el7 |
redhat/kernel-rt | <0:3.10.33-rt32.34.el6 | 0:3.10.33-rt32.34.el6 |
Linux Linux kernel | <3.2.59 | |
Linux Linux kernel | >=3.3<3.4.90 | |
Linux Linux kernel | >=3.5<3.10.40 | |
Linux Linux kernel | >=3.11<3.12.20 | |
Linux Linux kernel | >=3.13<3.14.4 | |
Oracle Linux | =5 | |
Oracle Linux | =6 | |
Debian Debian Linux | =6.0 | |
Debian Debian Linux | =7.0 | |
SUSE Linux Enterprise Desktop | =11-sp3 | |
Suse Linux Enterprise High Availability Extension | =11-sp3 | |
Suse Linux Enterprise Real Time Extension | =11-sp3 | |
SUSE Linux Enterprise Server | =11-sp3 | |
Suse Linux Enterprise Server | =11-sp3 | |
Redhat Enterprise Linux Eus | =5.6 | |
Redhat Enterprise Linux Eus | =6.3 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)