The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.
http://linux.oracle.com/errata/ELSA-2014-0771.html
http://linux.oracle.com/errata/ELSA-2014-3043.html
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
http://rhn.redhat.com/errata/RHSA-2014-0800.html
http://rhn.redhat.com/errata/RHSA-2014-0801.html
http://secunia.com/advisories/59262
http://secunia.com/advisories/59309
http://secunia.com/advisories/59406
http://secunia.com/advisories/59599
http://www.debian.org/security/2014/dsa-2926
http://www.debian.org/security/2014/dsa-2928
http://www.openwall.com/lists/oss-security/2014/05/09/2
http://www.securityfocus.com/bid/67302
http://www.securitytracker.com/id/1030474
https://bugzilla.redhat.com/show_bug.cgi?id=1094299
https://github.com/torvalds/linux/commit/2145e15e0557a01b9195d1c7199a1b92cb9be81f
OR
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 3.14.3 (inclusive)
OR
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
124988 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1535) | Nessus | Huawei Local Security Checks | high |
124803 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1479) | Nessus | Huawei Local Security Checks | critical |
99163 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW) | Nessus | OracleVM Local Security Checks | critical |
83628 | SUSE SLES10 Security Update : kernel (SUSE-SU-2014:0832-1) | Nessus | SuSE Local Security Checks | high |
83627 | SUSE SLES10 Security Update : kernel (SUSE-SU-2014:0773-1) | Nessus | SuSE Local Security Checks | high |
83626 | SUSE SLES10 Security Update : kernel (SUSE-SU-2014:0772-1) | Nessus | SuSE Local Security Checks | high |
81800 | Oracle Linux 7 : kernel (ELSA-2015-0290) | Nessus | Oracle Linux Local Security Checks | high |
79290 | RHEL 5 : kernel (RHSA-2014:0801) | Nessus | Red Hat Local Security Checks | high |
79035 | RHEL 6 : kernel (RHSA-2014:0900) | Nessus | Red Hat Local Security Checks | high |
79032 | RHEL 6 : kernel (RHSA-2014:0800) | Nessus | Red Hat Local Security Checks | high |
79031 | RHEL 5 : kernel (RHSA-2014:0772) | Nessus | Red Hat Local Security Checks | high |
77355 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3070) | Nessus | Oracle Linux Local Security Checks | high |
76901 | RHEL 7 : kernel (RHSA-2014:0786) | Nessus | Red Hat Local Security Checks | high |
76738 | Oracle Linux 7 : kernel (ELSA-2014-0786) | Nessus | Oracle Linux Local Security Checks | high |
76677 | RHEL 6 : MRG (RHSA-2014:0557) | Nessus | Red Hat Local Security Checks | high |
76295 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2260-1) | Nessus | Ubuntu Local Security Checks | high |
76186 | Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3043) | Nessus | Oracle Linux Local Security Checks | high |
76185 | Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3042) | Nessus | Oracle Linux Local Security Checks | high |
76184 | Oracle Linux 6 : unbreakable enterprise kernel (ELSA-2014-3041) | Nessus | Oracle Linux Local Security Checks | high |
76170 | CentOS 6 : kernel (CESA-2014:0771) | Nessus | CentOS Local Security Checks | high |
76157 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20140619) | Nessus | Scientific Linux Local Security Checks | high |
76156 | RHEL 6 : kernel (RHSA-2014:0771) | Nessus | Red Hat Local Security Checks | high |
76155 | Oracle Linux 6 : kernel (ELSA-2014-0771) | Nessus | Oracle Linux Local Security Checks | high |
75364 | openSUSE Security Update : kernel (openSUSE-SU-2014:0677-1) | Nessus | SuSE Local Security Checks | critical |
75363 | openSUSE Security Update : kernel (openSUSE-SU-2014:0678-1) | Nessus | SuSE Local Security Checks | critical |
74513 | Mandriva Linux Security Advisory : kernel (MDVSA-2014:124) | Nessus | Mandriva Local Security Checks | critical |
74505 | Oracle Linux 5 : kernel (ELSA-2014-0740-1) | Nessus | Oracle Linux Local Security Checks | high |
74489 | Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20140610) | Nessus | Scientific Linux Local Security Checks | high |
74482 | Oracle Linux 5 : kernel (ELSA-2014-0740) | Nessus | Oracle Linux Local Security Checks | high |
74471 | CentOS 5 : kernel (CESA-2014:0740) | Nessus | CentOS Local Security Checks | high |
74458 | RHEL 5 : kernel (RHSA-2014:0740) | Nessus | Red Hat Local Security Checks | high |
74215 | Ubuntu 13.10 : linux vulnerabilities (USN-2228-1) | Nessus | Ubuntu Local Security Checks | critical |
74214 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-2226-1) | Nessus | Ubuntu Local Security Checks | high |
74213 | Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2225-1) | Nessus | Ubuntu Local Security Checks | critical |
74212 | Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2224-1) | Nessus | Ubuntu Local Security Checks | critical |
74211 | Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2223-1) | Nessus | Ubuntu Local Security Checks | critical |
74184 | Ubuntu 12.04 LTS : linux vulnerabilities (USN-2221-1) | Nessus | Ubuntu Local Security Checks | critical |
74183 | Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2220-1) | Nessus | Ubuntu Local Security Checks | high |
74182 | Ubuntu 10.04 LTS : linux vulnerabilities (USN-2219-1) | Nessus | Ubuntu Local Security Checks | high |
74132 | Fedora 19 : kernel-3.14.4-100.fc19 (2014-6354) | Nessus | Fedora Local Security Checks | high |
74049 | Fedora 20 : kernel-3.14.4-200.fc20 (2014-6357) | Nessus | Fedora Local Security Checks | high |
74033 | SuSE 11.3 Security Update : Linux Kernel (SAT Patch Numbers 9233 / 9236 / 9237) | Nessus | SuSE Local Security Checks | high |
74027 | Debian DSA-2928-1 : linux-2.6 - privilege escalation/denial of service/information leak | Nessus | Debian Local Security Checks | high |
73971 | Debian DSA-2926-1 : linux - security update | Nessus | Debian Local Security Checks | high |