Vulnerability CVE-2014-1738: Information

Description

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.

Severity: LOW (2.1)

URL: https://nvd.nist.gov/vuln/detail/CVE-2014-1738

Published: May 12, 2014

Modified: Nov. 7, 2023

Error type identifier: CWE-200

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
kernel-image-std-def	sisyphus	3.14.17-alt1	6.1.94-alt1	ALT-PU-2014-2064-1	128797	Fixed
kernel-image-std-def	p10	3.14.17-alt1	5.10.218-alt1	ALT-PU-2014-2064-1	128797	Fixed
kernel-image-std-def	p9	3.14.17-alt1	5.4.277-alt1	ALT-PU-2014-2064-1	128797	Fixed
kernel-image-std-def	c9f2	3.14.17-alt1	5.10.214-alt0.c9f.2	ALT-PU-2014-2064-1	128797	Fixed
kernel-image-std-def	c7	3.14.18-alt1	4.4.277-alt0.M70C.1	ALT-PU-2014-2116-1	129349	Fixed
kernel-image-std-def	p11	3.14.17-alt1	6.1.91-alt1	ALT-PU-2014-2064-1	128797	Fixed
kernel-image-un-def	sisyphus	3.14.4-alt1	6.6.34-alt1	ALT-PU-2014-1634-1	119753	Fixed
kernel-image-un-def	p10	3.14.4-alt1	6.1.90-alt1	ALT-PU-2014-1634-1	119753	Fixed
kernel-image-un-def	p9	3.14.4-alt1	5.10.218-alt1	ALT-PU-2014-1634-1	119753	Fixed
kernel-image-un-def	c10f1	3.14.4-alt1	6.1.85-alt0.c10f.1	ALT-PU-2014-1634-1	119753	Fixed
kernel-image-un-def	c9f2	3.14.4-alt1	5.10.29-alt2	ALT-PU-2014-1634-1	119753	Fixed
kernel-image-un-def	c7	3.14.4-alt1	4.9.277-alt0.M70C.1	ALT-PU-2014-1638-1	119815	Fixed
kernel-image-un-def	p11	3.14.4-alt1	6.6.31-alt1	ALT-PU-2014-1634-1	119753	Fixed
usbip	sisyphus	5.10-alt1	5.10-alt1	ALT-PU-2023-1798-1	320453	Fixed
usbip	sisyphus_e2k	5.10-alt1	5.10-alt1	ALT-PU-2023-7452-1	-	Fixed
usbip	p10	5.10-alt1	5.10-alt1	ALT-PU-2023-1903-1	320461	Fixed
usbip	p10_e2k	5.10-alt1	5.10-alt1	ALT-PU-2023-7498-1	-	Fixed
usbip	p11	5.10-alt1	5.10-alt1	ALT-PU-2023-1798-1	320453	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
SUSE-SU-2014:0683
67302
59262
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2145e15e0557a01b9195d1c7199a1b92cb9be81f
59309
59406
DSA-2928
https://bugzilla.redhat.com/show_bug.cgi?id=1094299
http://linux.oracle.com/errata/ELSA-2014-0771.html
RHSA-2014:0800
[oss-security] 20140509 Linux kernel floppy ioctl kernel code execution
59599
DSA-2926
SUSE-SU-2014:0667
https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f
1030474
http://linux.oracle.com/errata/ELSA-2014-3043.html
RHSA-2014:0801

Affected configurations:
1. Configuration 1
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  End including
  3.14.3
  
  Configuration 2
  cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
  
  Configuration 4
  cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*
  cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
  
  Configuration 5
  cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
  cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
  cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*

Version: v24.5.3

Vulnerability CVE-2014-1738: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5