CVE-2014-1738

CVSS v2.0 2.1 (Low)

EPSS 0.04 % (11^th)

Affected Products 8

Advisories 58

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.

Weaknesses

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE Status: PUBLISHED
CNA: Chrome
Published Date: 2014-05-11 21:55:05
(10 years ago)
Updated Date: 2023-11-07 02:19:18
(10 months ago)

Affected Products

Suse

Configuration #1

		CPE23	From	Up To
	Linux Kernel 3.14.3 and prior versions	cpe:2.3:o:linux:linux_kernel		<= 3.14.3

Configuration #2

		CPE23	From	Up To
	Redhat Enterprise Linux Eus 5.6	cpe:2.3:o:redhat:enterprise_linux_eus:5.6
	Redhat Enterprise Linux Eus 6.3	cpe:2.3:o:redhat:enterprise_linux_eus:6.3

Configuration #3

		CPE23	From	Up To
	Debian Linux 6.0	cpe:2.3:o:debian:debian_linux:6.0
	Debian Linux 7.0	cpe:2.3:o:debian:debian_linux:7.0

Configuration #4

		CPE23	From	Up To
	Oracle Linux 5	cpe:2.3:o:oracle:linux:5:-
	Oracle Linux 6	cpe:2.3:o:oracle:linux:6:-

Configuration #5

		CPE23	From	Up To
	Suse Linux Enterprise Desktop 11 SP3	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3
	Suse Linux Enterprise High Availability Extension 11 SP3	cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3
	Suse Linux Enterprise Real Time Extension 11 SP3	cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3
	Suse Linux Enterprise Server 11 SP3 For	cpe:2.3:o:suse:linux_enterprise_server:11:sp3:::*:-
	Suse Linux Enterprise Server 11 SP3 for Vmware	cpe:2.3:o:suse:linux_enterprise_server:11:sp3:::*:vmware

Weaknesses

Affected Products

Debian

Linux

Oracle

Redhat