CVE-2014-0069

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.

References

http://article.gmane.org/gmane.linux.kernel.cifs/9401

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5d81de8e8667da7135d3a32a964087c0faf5483f

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html

http://rhn.redhat.com/errata/RHSA-2014-0328.html

http://www.openwall.com/lists/oss-security/2014/02/17/4

http://www.securityfocus.com/bid/65588

https://bugzilla.redhat.com/show_bug.cgi?id=1064253

https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f

Details

Source: MITRE

Published: 2014-02-28

Updated: 2020-08-26

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (24 total)

IDNameProductFamilySeverity
127146NewStart CGSL MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0004)NessusNewStart CGSL Local Security Checks
critical
124837EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1516)NessusHuawei Local Security Checks
critical
124801EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1477)NessusHuawei Local Security Checks
medium
99163OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)NessusOracleVM Local Security Checks
critical
76674RHEL 6 : MRG (RHSA-2014:0439)NessusRed Hat Local Security Checks
critical
75363openSUSE Security Update : kernel (openSUSE-SU-2014:0678-1)NessusSuSE Local Security Checks
critical
74513Mandriva Linux Security Advisory : kernel (MDVSA-2014:124)NessusMandriva Local Security Checks
critical
74184Ubuntu 12.04 LTS : linux vulnerabilities (USN-2221-1)NessusUbuntu Local Security Checks
critical
74101Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3034)NessusOracle Linux Local Security Checks
critical
73728Ubuntu 13.10 : linux vulnerabilities (USN-2179-1)NessusUbuntu Local Security Checks
high
73727Ubuntu 12.10 : linux vulnerabilities (USN-2178-1)NessusUbuntu Local Security Checks
high
73726Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2177-1)NessusUbuntu Local Security Checks
high
73725Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2176-1)NessusUbuntu Local Security Checks
high
73724Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2175-1)NessusUbuntu Local Security Checks
high
73554SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9102 / 9104 / 9105)NessusSuSE Local Security Checks
medium
73244SuSE 11.3 Security Update : Linux Kernel (SAT Patch Numbers 9047 / 9050 / 9051)NessusSuSE Local Security Checks
medium
73221Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3014)NessusOracle Linux Local Security Checks
critical
73200Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20140325)NessusScientific Linux Local Security Checks
high
73198RHEL 6 : kernel (RHSA-2014:0328)NessusRed Hat Local Security Checks
high
73196Oracle Linux 6 : kernel (ELSA-2014-0328)NessusOracle Linux Local Security Checks
high
73191CentOS 6 : kernel (CESA-2014:0328)NessusCentOS Local Security Checks
high
72745Amazon Linux AMI : kernel (ALAS-2014-289)NessusAmazon Linux Local Security Checks
high
72548Fedora 19 : kernel-3.12.11-201.fc19 (2014-2606)NessusFedora Local Security Checks
medium
72546Fedora 20 : kernel-3.13.3-201.fc20 (2014-2576)NessusFedora Local Security Checks
medium