CVE-2014-4027

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 23-06-2014 01:21

Last modified: - 21-09-2022 08:44

Total changes: - 2

Description

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.

Common Vulnerability Scoring System (CVSS)

AV:A/AC:M/Au:S/C:P/I:N/A:N

Low

Attack complexity

Adjacent

Attack vector

None

Availability

Low

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

2.3

Base score

4.4

2.9

Exploitability score

Impact score

Verification logic

Reference

https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc
https://bugzilla.redhat.com/show_bug.cgi?id=1108744
[target-devel] 20140616 [PATCH] target: Explicitly clear ramdisk_mcp backend pages-Broken Link
[oss-security] 20140611 Re: CVE request: Linux kernel / target information leak-Mailing List, Patch, Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc
59777-Broken Link
60564-Broken Link
USN-2334-1-Third Party Advisory
USN-2335-1-Third Party Advisory
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html
61310-Broken Link
SUSE-SU-2014:1316-Mailing List, Third Party Advisory
SUSE-SU-2014:1319-Mailing List, Third Party Advisory
59134-Broken Link

Keywords

CVE-2014-4027

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2014-4027

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures