CVE-2014-0069

MEDIUM

Description

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.

References

http://article.gmane.org/gmane.linux.kernel.cifs/9401

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5d81de8e8667da7135d3a32a964087c0faf5483f

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html

http://rhn.redhat.com/errata/RHSA-2014-0328.html

http://www.openwall.com/lists/oss-security/2014/02/17/4

http://www.securityfocus.com/bid/65588

https://bugzilla.redhat.com/show_bug.cgi?id=1064253

https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f

Details

Source: MITRE

Published: 2014-02-28

Updated: 2017-12-16

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 6.2

Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C)

Impact Score: 10

Exploitability Score: 1.9

Severity: MEDIUM