NVD Vulnerability Detail

CVE-2014-1738

Summary	The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.
Publication Date	May 12, 2014, 6:55 a.m.
Registration Date	Jan. 26, 2021, 3:07 p.m.
Last Update	Nov. 21, 2024, 11:04 a.m.

CVSS2.0 : LOW
Score	2.1
Vector	AV:L/AC:L/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::			3.14.3

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:5.6:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:7.0:::::::*
cpe:2.3:o:debian:debian_linux:6.0:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:oracle:linux:5:-::::::
cpe:2.3:o:oracle:linux:6:-::::::

Configuration5	or higher	or less	more than	less than
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3::::::
cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::vmware::*
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3::::::
cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::-::*
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2145e15e0557a01b9195d1c7199a1b92cb9be81f
2	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2145e15e0557a01b9195d1c7199a1b92cb9be81f
3	http://linux.oracle.com/errata/ELSA-2014-0771.html
4	http://linux.oracle.com/errata/ELSA-2014-0771.html
5	http://linux.oracle.com/errata/ELSA-2014-3043.html
6	http://linux.oracle.com/errata/ELSA-2014-3043.html
7	http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
8	http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
9	http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
10	http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
11	http://rhn.redhat.com/errata/RHSA-2014-0800.html
12	http://rhn.redhat.com/errata/RHSA-2014-0800.html
13	http://rhn.redhat.com/errata/RHSA-2014-0801.html
14	http://rhn.redhat.com/errata/RHSA-2014-0801.html
15	http://secunia.com/advisories/59262
16	http://secunia.com/advisories/59262
17	http://secunia.com/advisories/59309
18	http://secunia.com/advisories/59309
19	http://secunia.com/advisories/59406
20	http://secunia.com/advisories/59406
21	http://secunia.com/advisories/59599
22	http://secunia.com/advisories/59599
23	http://www.debian.org/security/2014/dsa-2926
24	http://www.debian.org/security/2014/dsa-2926
25	http://www.debian.org/security/2014/dsa-2928
26	http://www.debian.org/security/2014/dsa-2928
27	http://www.openwall.com/lists/oss-security/2014/05/09/2
28	http://www.openwall.com/lists/oss-security/2014/05/09/2
29	http://www.securityfocus.com/bid/67302
30	http://www.securityfocus.com/bid/67302
31	http://www.securitytracker.com/id/1030474
32	http://www.securitytracker.com/id/1030474
33	https://bugzilla.redhat.com/show_bug.cgi?id=1094299
34	https://bugzilla.redhat.com/show_bug.cgi?id=1094299
35	https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f
36	https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-200	情報漏えい	https://cwe.mitre.org/data/definitions/200.html

JVN Vulnerability Information

Linux Kernel の drivers/block/floppy.c の raw_cmd_copyout 関数における重要な情報を取得される脆弱性

Title	Linux Kernel の drivers/block/floppy.c の raw_cmd_copyout 関数における重要な情報を取得される脆弱性
Summary	Linux Kernel の drivers/block/floppy.c の raw_cmd_copyout 関数は、FDRAWCMD ioctl コールの処理中に特定のポインタへのアクセスを適切に制限しないため、カーネルヒープメモリから重要な情報を取得される脆弱性が存在します。
Possible impacts	ローカルユーザにより、/dev/fd device への書き込みアクセス権を利用されることで、カーネルヒープメモリから重要な情報を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 5, 2014, midnight
Registration Date	May 13, 2014, 3:24 p.m.
Last Update	Aug. 6, 2014, 10:54 a.m.

Affected System

Linux

Linux Kernel 3.14.3 まで

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-1738	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738
National Vulnerability Database (NVD)
2	CVE-2014-1738	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1738

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
GitHub
1	floppy: don't write kernel-only members to FDRAWCMD ioctl output	https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f
Linux Kernel
2	Linux Kernel Archives	http://www.kernel.org
Linux kernel source tree
3	floppy: don't write kernel-only members to FDRAWCMD ioctl output	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2145e15e0557a01b9195d1c7199a1b92cb9be81f
Oracle
4	ELSA-2014-0771	http://linux.oracle.com/errata/ELSA-2014-0771.html
5	ELSA-2014-3043	http://linux.oracle.com/errata/ELSA-2014-3043.html
Red Hat Bugzilla
6	Bug 1094299	https://bugzilla.redhat.com/show_bug.cgi?id=1094299

Change Log

No	Changed Details	Date of change
0	[2014年05月13日] 掲載 [2014年08月06日] ベンダ情報：オラクル (ELSA-2014-0771) を追加ベンダ情報：オラクル (ELSA-2014-3043) を追加	Feb. 17, 2018, 10:37 a.m.