Information disclosure in F5 Big-ip_access_policy_manager

CVE-2014-4027

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory b…

Vulnerability class: Information Disclosure

EPSS: 0.001 (25.8th percentile) — read the EPSS interpretation.

Affected products

F5 Big-ip_access_policy_manager — versions 12.0.0
F5 Big-ip_advanced_firewall_manager — versions 12.0.0
F5 Big-ip_analytics — versions 12.0.0
F5 Big-ip_application_acceleration_manager — versions 12.0.0
F5 Big-ip_application_security_manager — versions 12.0.0
F5 Big-ip_domain_name_system — versions 12.0.0
F5 Big-ip_edge_gateway
F5 Big-ip_global_traffic_manager
F5 Big-ip_link_controller — versions 12.0.0
F5 Big-ip_local_traffic_manager — versions 12.0.0

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

SUSE-SU-2014:1316 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
59134 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
USN-2335-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
USN-2334-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
cve@mitre.org (x_refsource_CONFIRM)
SUSE-SU-2014:1319 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
60564 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory)