{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-09T00:00:00", "descriptions": [{"lang": "en", "value": "The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-20T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"name": "SUSE-SU-2014:0683", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"}, {"name": "67302", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67302"}, {"name": "59262", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59262"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2145e15e0557a01b9195d1c7199a1b92cb9be81f"}, {"name": "59309", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59309"}, {"name": "59406", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59406"}, {"name": "DSA-2928", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2928"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"}, {"name": "RHSA-2014:0800", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"}, {"name": "[oss-security] 20140509 Linux kernel floppy ioctl kernel code execution", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2"}, {"name": "59599", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59599"}, {"name": "DSA-2926", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2926"}, {"name": "SUSE-SU-2014:0667", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f"}, {"name": "1030474", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030474"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"}, {"name": "RHSA-2014:0801", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2014-1738", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SU-2014:0683", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"}, {"name": "67302", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67302"}, {"name": "59262", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59262"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2145e15e0557a01b9195d1c7199a1b92cb9be81f", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2145e15e0557a01b9195d1c7199a1b92cb9be81f"}, {"name": "59309", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59309"}, {"name": "59406", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59406"}, {"name": "DSA-2928", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2928"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"}, {"name": "http://linux.oracle.com/errata/ELSA-2014-0771.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"}, {"name": "RHSA-2014:0800", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"}, {"name": "[oss-security] 20140509 Linux kernel floppy ioctl kernel code execution", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2"}, {"name": "59599", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59599"}, {"name": "DSA-2926", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2926"}, {"name": "SUSE-SU-2014:0667", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"}, {"name": "https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f"}, {"name": "1030474", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030474"}, {"name": "http://linux.oracle.com/errata/ELSA-2014-3043.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"}, {"name": "RHSA-2014:0801", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:50:11.164Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SU-2014:0683", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"}, {"name": "67302", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/67302"}, {"name": "59262", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59262"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2145e15e0557a01b9195d1c7199a1b92cb9be81f"}, {"name": "59309", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59309"}, {"name": "59406", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59406"}, {"name": "DSA-2928", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-2928"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"}, {"name": "RHSA-2014:0800", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"}, {"name": "[oss-security] 20140509 Linux kernel floppy ioctl kernel code execution", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2"}, {"name": "59599", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59599"}, {"name": "DSA-2926", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-2926"}, {"name": "SUSE-SU-2014:0667", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f"}, {"name": "1030474", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1030474"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"}, {"name": "RHSA-2014:0801", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2014-1738", "datePublished": "2014-05-11T21:00:00", "dateReserved": "2014-01-29T00:00:00", "dateUpdated": "2024-08-06T09:50:11.164Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B465C548-09E9-4CD5-A1C2-57ED09C9E3F4", "versionEndIncluding": "3.14.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "903512FC-0017-4564-9B89-7E64FFB14B11", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*", "matchCriteriaId": "62A2AC02-A933-4E51-810E-5D040B476B7B", "vulnerable": true}, {"criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", "matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "A3A907A3-2A3A-46D4-8D75-914649877B65", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3DB41B45-D94D-4A58-88B0-B3EC3EC350E2", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device."}, {"lang": "es", "value": "La funci\u00f3n raw_cmd_copyout en drivers/block/floppy.c en el kernel de Linux hasta 3.14.3 no restringe debidamente acceso a ciertos punteros durante el procesamiento de una llamada FDRAWCMD ioctl, lo que permite a usuarios locales obtener informaci\u00f3n sensible de la memoria din\u00e1mica del kernel mediante el aprovechamiento de acceso a escritura hacia un dispositivo /dev/fd."}], "id": "CVE-2014-1738", "lastModified": "2023-11-07T02:19:18.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-11T21:55:05.873", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2145e15e0557a01b9195d1c7199a1b92cb9be81f"}, {"source": "chrome-cve-admin@google.com", "url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0800.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0801.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/59262"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/59309"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/59406"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/59599"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.debian.org/security/2014/dsa-2926"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.debian.org/security/2014/dsa-2928"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.openwall.com/lists/oss-security/2014/05/09/2"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/67302"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securitytracker.com/id/1030474"}, {"source": "chrome-cve-admin@google.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"}, {"source": "chrome-cve-admin@google.com", "url": "https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Matthew Daley for reporting this issue.", "affected_release": [{"advisory": "RHSA-2014:0740", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "kernel-0:2.6.18-371.9.1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2014-06-10T00:00:00Z"}, {"advisory": "RHSA-2014:0801", "cpe": "cpe:/o:redhat:rhel_mission_critical:5.6", "package": "kernel-0:2.6.18-238.53.1.el5", "product_name": "Red Hat Enterprise Linux 5.6 Long Life", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0772", "cpe": "cpe:/o:redhat:rhel_eus:5.9", "package": "kernel-0:2.6.18-348.27.1.el5", "product_name": "Red Hat Enterprise Linux 5.9 Extended Update Support", "release_date": "2014-06-19T00:00:00Z"}, {"advisory": "RHSA-2014:0771", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-431.20.3.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-06-19T00:00:00Z"}, {"advisory": "RHSA-2014:0800", "cpe": "cpe:/o:redhat:rhel_mission_critical:6.2", "package": "kernel-0:2.6.32-220.52.1.el6", "product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support", "release_date": "2014-06-26T00:00:00Z"}, {"advisory": "RHSA-2014:0900", "cpe": "cpe:/o:redhat:rhel_eus:6.4", "package": "kernel-0:2.6.32-358.46.1.el6", "product_name": "Red Hat Enterprise Linux 6.4 Extended Update Support", "release_date": "2014-07-17T00:00:00Z"}, {"advisory": "RHSA-2014:0786", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-123.4.2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2014-06-24T00:00:00Z"}, {"advisory": "RHSA-2014:0557", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-0:3.10.33-rt32.34.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2014-05-27T00:00:00Z"}], "bugzilla": {"description": "kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command", "id": "1094299", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094299"}, "csaw": false, "cvss": {"cvss_base_score": "6.6", "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C", "status": "verified"}, "details": ["The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.", "A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)\nIt was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\nNote: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system."], "name": "CVE-2014-1738", "package_state": [{"cpe": "cpe:/o:redhat:rhel_eus:5.6", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux Extended Update Support 5.6"}, {"cpe": "cpe:/o:redhat:rhel_eus:6.3", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux Extended Update Support 6.3"}], "public_date": "2014-05-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-1738\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1738"], "threat_severity": "Important"}