Vulnerability in Linux Linux_kernel

CVE-2014-1737

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain p…

EPSS: 0.000 (14.2th percentile) — read the EPSS interpretation.

Affected products

Linux Linux_kernel
Oracle Linux — versions 5, 6
Debian Debian_linux — versions 6.0, 7.0
Redhat Enterprise_linux_eus — versions 5.6, 6.3
Suse Linux_enterprise_desktop — versions 11
Suse Linux_enterprise_high_availability_extension — versions 11
Suse Linux_enterprise_real_time_extension — versions 11
Suse Linux_enterprise_server — versions 11
N/a — versions n/a

Weakness classification (CWE)

CWE-754 — Improper Check for Unusual or Exceptional Conditions

References

67300 (vdb-entry, x_refsource_BID)
SUSE-SU-2014:0683 (vendor-advisory, x_refsource_SUSE)
59262 (x_refsource_SECUNIA, third-party-advisory)
chrome-cve-admin@google.com (x_refsource_CONFIRM)
59309 (x_refsource_SECUNIA, third-party-advisory)
59406 (x_refsource_SECUNIA, third-party-advisory)
DSA-2928 (vendor-advisory, x_refsource_DEBIAN)
chrome-cve-admin@google.com (x_refsource_CONFIRM)
chrome-cve-admin@google.com (x_refsource_CONFIRM)
RHSA-2014:0800 (x_refsource_REDHAT, vendor-advisory)