{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-06-11T00:00:00", "descriptions": [{"lang": "en", "value": "The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-05T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SUSE-SU-2014:1316", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"}, {"name": "59134", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59134"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108744"}, {"name": "USN-2335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2335-1"}, {"name": "USN-2334-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2334-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"}, {"name": "SUSE-SU-2014:1319", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"}, {"name": "60564", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60564"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"}, {"name": "59777", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59777"}, {"name": "61310", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61310"}, {"name": "[oss-security] 20140611 Re: CVE request: Linux kernel / target information leak", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/06/11/1"}, {"name": "[target-devel] 20140616 [PATCH] target: Explicitly clear ramdisk_mcp backend pages", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4027", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SU-2014:1316", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"}, {"name": "59134", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59134"}, {"name": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html", "refsource": "CONFIRM", "url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1108744", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108744"}, {"name": "USN-2335-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2335-1"}, {"name": "USN-2334-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2334-1"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"}, {"name": "SUSE-SU-2014:1319", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"}, {"name": "60564", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60564"}, {"name": "https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"}, {"name": "59777", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59777"}, {"name": "61310", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61310"}, {"name": "[oss-security] 20140611 Re: CVE request: Linux kernel / target information leak", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/06/11/1"}, {"name": "[target-devel] 20140616 [PATCH] target: Explicitly clear ramdisk_mcp backend pages", "refsource": "MLIST", "url": "http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:04:27.539Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SU-2014:1316", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"}, {"name": "59134", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59134"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108744"}, {"name": "USN-2335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2335-1"}, {"name": "USN-2334-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2334-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"}, {"name": "SUSE-SU-2014:1319", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"}, {"name": "60564", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60564"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"}, {"name": "59777", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59777"}, {"name": "61310", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61310"}, {"name": "[oss-security] 20140611 Re: CVE request: Linux kernel / target information leak", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/06/11/1"}, {"name": "[target-devel] 20140616 [PATCH] target: Explicitly clear ramdisk_mcp backend pages", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4027", "datePublished": "2014-06-23T10:00:00", "dateReserved": "2014-06-11T00:00:00", "dateUpdated": "2024-08-06T11:04:27.539Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5673276-6E6D-4AB2-9DA6-7873D78E58CF", "versionEndExcluding": "3.14", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "A3A907A3-2A3A-46D4-8D75-914649877B65", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3DB41B45-D94D-4A58-88B0-B3EC3EC350E2", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0A477D7-D770-40FA-822E-0686791DCBBC", "versionEndIncluding": "11.6.0", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B62FEC0-EE22-46E6-B811-8AB0EE4C3E2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "49BEE6CD-30CA-44B2-8A9E-B8198A44DB34", "versionEndIncluding": "11.6.0", "versionStartIncluding": "11.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "532AAF54-64EF-4852-B4F1-D5E660463704", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "A40013D7-C45F-4712-9FBB-12EC55ACA8A8", "versionEndIncluding": "11.6.0", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0EDB8E9-E6FB-406E-B1D3-C620F114804C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD759D15-7861-45DD-9141-4F2855164368", "versionEndIncluding": "11.6.0", "versionStartIncluding": "11.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CA2FA6B-3930-432F-8FB5-E73604CEFE42", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF00C6EB-94E6-47BA-9C73-F7EEF0F5C5F1", "versionEndIncluding": "11.6.0", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B0A70A-D101-443E-A543-5EC35E23D66F", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "524B2D05-508C-47FF-94A0-6CC42060E638", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FF30167-0241-4136-82F8-2D2FB545C19A", "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFB9C044-BDFD-44B6-9DEA-F9EC3B793F15", "versionEndIncluding": "11.6.0", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F7E38E6-5E18-491B-A4A3-E47EED2F882F", "versionEndIncluding": "11.6.0", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E90C12AF-44BA-44A2-89ED-0C2497EEC8A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E48CB17C-616D-4637-9811-93B4291052F3", "versionEndIncluding": "11.6.0", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "44F1E5E0-BD63-4A4A-BC4E-A1D5495F8B5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAA8052D-B8EA-4109-A93B-EDF8F1BF09F0", "versionEndIncluding": "11.6.0", "versionStartIncluding": "11.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "23FF9627-E561-4CF7-A685-6E33D2F6C98C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C666A18-9DED-4B49-92DE-474403FC17BF", "versionEndIncluding": "11.4.1", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6B52D60-38DB-4BE9-91F4-B6553F5E5A93", "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1E3204F-9464-4AC3-819B-D1A6B399FAE3", "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-iq_application_delivery_controller:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "222B4DE7-1D3D-40DF-A9EB-EFABDA8FAEA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-iq_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C8BF865-BA45-4711-829F-EC8E5EA22D2F", "versionEndIncluding": "4.5.0", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-iq_device:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BC0EAFD-DA5E-4A1B-81CB-0D5A964F9EB6", "versionEndIncluding": "4.5.0", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-iq_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B3E56EB-202A-4F58-8E94-B2DDA1693498", "versionEndIncluding": "4.5.0", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:enterprise_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "482E630B-93A1-4B9B-8273-821C116ADC4F", "versionEndIncluding": "3.1.1", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator."}, {"lang": "es", "value": "La funci\u00f3n rd_build_device_space en drivers/target/target_core_rd.c en el kernel de Linux anterior a 3.14 no inicializa debidamente cierta estructura de datos, lo que permite a usuarios locales obtener informaci\u00f3n sensible de la memoria ramdisk_mcp mediante el aprovechamiento del acceso a un iniciador SCSI."}], "id": "CVE-2014-4027", "lastModified": "2023-11-07T02:20:22.100", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-06-23T11:21:18.700", "references": [{"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/59134"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/59777"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/60564"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/61310"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2014/06/11/1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2334-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2335-1"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108744"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:1971", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-123.13.1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2014-12-09T00:00:00Z"}, {"advisory": "RHSA-2014:0913", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-0:3.10.33-rt32.43.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2014-07-22T00:00:00Z"}], "bugzilla": {"description": "Kernel: target/rd: imformation leakage", "id": "1108744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108744"}, "csaw": false, "cvss": {"cvss_base_score": "2.3", "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:P/I:N/A:N", "status": "verified"}, "details": ["The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.", "An information leak flaw was found in the RAM Disks Memory Copy (rd_mcp) backend driver of the iSCSI Target subsystem of the Linux kernel. A privileged user could use this flaw to leak the contents of kernel memory to an iSCSI initiator remote client."], "name": "CVE-2014-4027", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2014-01-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-4027\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4027"], "statement": "This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the versions of Linux kernel package as shipped with Red Hat Enterprise Linux 6 and 7. Future kernel updates for Red Hat Enterprise Linux 6 and 7 may address this issue.", "threat_severity": "Low"}