Information disclosure in Linux Linux_kernel

CVE-2014-1738

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive infor…

Vulnerability class: Information Disclosure

EPSS: 0.000 (6.7th percentile) — read the EPSS interpretation.

Affected products

Linux Linux_kernel
Oracle Linux — versions 5, 6
Debian Debian_linux — versions 6.0, 7.0
Redhat Enterprise_linux_eus — versions 5.6, 6.3
Suse Linux_enterprise_desktop — versions 11
Suse Linux_enterprise_high_availability_extension — versions 11
Suse Linux_enterprise_real_time_extension — versions 11
Suse Linux_enterprise_server — versions 11
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

SUSE-SU-2014:0683 (vendor-advisory, x_refsource_SUSE)
67302 (vdb-entry, x_refsource_BID)
59262 (x_refsource_SECUNIA, third-party-advisory)
chrome-cve-admin@google.com (x_refsource_CONFIRM)
59309 (x_refsource_SECUNIA, third-party-advisory)
59406 (x_refsource_SECUNIA, third-party-advisory)
DSA-2928 (vendor-advisory, x_refsource_DEBIAN)
chrome-cve-admin@google.com (x_refsource_CONFIRM)
chrome-cve-admin@google.com (x_refsource_CONFIRM)
RHSA-2014:0800 (x_refsource_REDHAT, vendor-advisory)