{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-09T00:00:00", "descriptions": [{"lang": "en", "value": "The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-20T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"name": "67300", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67300"}, {"name": "SUSE-SU-2014:0683", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"}, {"name": "59262", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59262"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"}, {"name": "59309", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59309"}, {"name": "59406", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59406"}, {"name": "DSA-2928", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2928"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"}, {"name": "RHSA-2014:0800", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"}, {"name": "[oss-security] 20140509 Linux kernel floppy ioctl kernel code execution", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2"}, {"name": "59599", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59599"}, {"name": "DSA-2926", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2926"}, {"name": "SUSE-SU-2014:0667", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"}, {"name": "1030474", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030474"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"}, {"name": "RHSA-2014:0801", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2014-1737", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "67300", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67300"}, {"name": "SUSE-SU-2014:0683", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"}, {"name": "59262", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59262"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"}, {"name": "59309", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59309"}, {"name": "59406", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59406"}, {"name": "DSA-2928", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2928"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"}, {"name": "http://linux.oracle.com/errata/ELSA-2014-0771.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"}, {"name": "RHSA-2014:0800", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"}, {"name": "[oss-security] 20140509 Linux kernel floppy ioctl kernel code execution", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2"}, {"name": "59599", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59599"}, {"name": "DSA-2926", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2926"}, {"name": "SUSE-SU-2014:0667", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"}, {"name": "1030474", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030474"}, {"name": "http://linux.oracle.com/errata/ELSA-2014-3043.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"}, {"name": "https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"}, {"name": "RHSA-2014:0801", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:50:11.078Z"}, "title": "CVE Program Container", "references": [{"name": "67300", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/67300"}, {"name": "SUSE-SU-2014:0683", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"}, {"name": "59262", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59262"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"}, {"name": "59309", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59309"}, {"name": "59406", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59406"}, {"name": "DSA-2928", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-2928"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"}, {"name": "RHSA-2014:0800", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"}, {"name": "[oss-security] 20140509 Linux kernel floppy ioctl kernel code execution", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2"}, {"name": "59599", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59599"}, {"name": "DSA-2926", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-2926"}, {"name": "SUSE-SU-2014:0667", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"}, {"name": "1030474", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1030474"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"}, {"name": "RHSA-2014:0801", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2014-1737", "datePublished": "2014-05-11T21:00:00", "dateReserved": "2014-01-29T00:00:00", "dateUpdated": "2024-08-06T09:50:11.078Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "74BC856E-F9AD-434B-8F63-644F2AC5F067", "versionEndExcluding": "3.2.59", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD302139-CFCB-4323-9D29-011D8936F1C3", "versionEndExcluding": "3.4.90", "versionStartIncluding": "3.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "287DC65B-A513-4FB9-A1CF-69F428030DF8", "versionEndExcluding": "3.10.40", "versionStartIncluding": "3.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D82F8C94-5FA7-4A7A-8855-ECF21B3BBD42", "versionEndExcluding": "3.12.20", "versionStartIncluding": "3.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9996644C-371E-49B9-A494-733B1EA513EC", "versionEndExcluding": "3.14.4", "versionStartIncluding": "3.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*", "matchCriteriaId": "62A2AC02-A933-4E51-810E-5D040B476B7B", "vulnerable": true}, {"criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", "matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "A3A907A3-2A3A-46D4-8D75-914649877B65", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3DB41B45-D94D-4A58-88B0-B3EC3EC350E2", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "903512FC-0017-4564-9B89-7E64FFB14B11", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device."}, {"lang": "es", "value": "La funci\u00f3n raw_cmd_copyin en drivers/block/floppy.c en el kernel de Linux hasta 3.14.3 no maneja debidamente condiciones de error durante el procesado de una llamada FDRAWCMD ioctl, lo que permite a usuarios locales provocar operaciones kfree y ganar privilegios mediante el aprovechamiento de acceso de escritura hacia un dispositivo /dev/fd."}], "id": "CVE-2014-1737", "lastModified": "2024-11-21T02:04:55.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-11T21:55:05.810", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"}, {"source": "chrome-cve-admin@google.com", "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/59262"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/59309"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/59406"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/59599"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.debian.org/security/2014/dsa-2926"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.debian.org/security/2014/dsa-2928"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/67300"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securitytracker.com/id/1030474"}, {"source": "chrome-cve-admin@google.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"}, {"source": "chrome-cve-admin@google.com", "url": "https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59262"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59309"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59406"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59599"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2926"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2928"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67300"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030474"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Matthew Daley for reporting this issue.", "affected_release": [{"advisory": "RHSA-2014:0740", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "kernel-0:2.6.18-371.9.1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2014-06-10T00:00:00Z"}, {"advisory": "RHSA-2014:0801", "cpe": "cpe:/o:redhat:rhel_mission_critical:5.6", "package": "kernel-0:2.6.18-238.53.1.el5", "product_name": "Red Hat Enterprise Linux 5.6 Long Life", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0772", "cpe": "cpe:/o:redhat:rhel_eus:5.9", "package": "kernel-0:2.6.18-348.27.1.el5", "product_name": "Red Hat Enterprise Linux 5.9 Extended Update Support", "release_date": "2014-06-19T00:00:00Z"}, {"advisory": "RHSA-2014:0771", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-431.20.3.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-06-19T00:00:00Z"}, {"advisory": "RHSA-2014:0800", "cpe": "cpe:/o:redhat:rhel_mission_critical:6.2", "package": "kernel-0:2.6.32-220.52.1.el6", "product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0900", "cpe": "cpe:/o:redhat:rhel_eus:6.4", "package": "kernel-0:2.6.32-358.46.1.el6", "product_name": "Red Hat Enterprise Linux 6.4 Extended Update Support", "release_date": "2014-07-17T00:00:00Z"}, {"advisory": "RHSA-2014:0786", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-123.4.2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2014-06-24T00:00:00Z"}, {"advisory": "RHSA-2014:0557", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-0:3.10.33-rt32.34.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2014-05-27T00:00:00Z"}], "bugzilla": {"description": "kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command", "id": "1094299", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"}, "csaw": false, "cvss": {"cvss_base_score": "6.6", "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C", "status": "verified"}, "details": ["The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.", "A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)\nIt was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\nNote: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system."], "name": "CVE-2014-1737", "package_state": [{"cpe": "cpe:/o:redhat:rhel_eus:5.6", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux Extended Update Support 5.6"}, {"cpe": "cpe:/o:redhat:rhel_eus:6.3", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux Extended Update Support 6.3"}], "public_date": "2014-05-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-1737\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1737"], "threat_severity": "Important"}