The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
07 Nov 2023, 02:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | () http://www.securityfocus.com/bid/67300 - | |
References | () http://www.openwall.com/lists/oss-security/2014/05/09/2 - | |
References | () http://secunia.com/advisories/59599 - | |
References | () http://www.debian.org/security/2014/dsa-2926 - | |
References | () https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c - | |
References | () http://rhn.redhat.com/errata/RHSA-2014-0800.html - | |
References | () http://secunia.com/advisories/59309 - | |
References | () http://linux.oracle.com/errata/ELSA-2014-0771.html - | |
References | () http://www.securitytracker.com/id/1030474 - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html - | |
References | () http://linux.oracle.com/errata/ELSA-2014-3043.html - | |
References | () http://secunia.com/advisories/59406 - | |
References | () http://rhn.redhat.com/errata/RHSA-2014-0801.html - | |
References | () http://www.debian.org/security/2014/dsa-2928 - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html - | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1094299 - | |
References | () http://secunia.com/advisories/59262 - |
Information
Published : 2014-05-11 21:55
Updated : 2024-02-28 12:20
NVD link : CVE-2014-1737
Mitre link : CVE-2014-1737
CVE.ORG link : CVE-2014-1737
JSON object : View
Products Affected
linux
- linux_kernel
suse
- linux_enterprise_real_time_extension
- linux_enterprise_server
- linux_enterprise_desktop
- linux_enterprise_high_availability_extension
debian
- debian_linux
oracle
- linux
redhat
- enterprise_linux_eus
CWE
CWE-754
Improper Check for Unusual or Exceptional Conditions