Vulnerability Details : CVE-2014-1737
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.
Products affected by CVE-2014-1737
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1737
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~8% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-1737
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
CWE ids for CVE-2014-1737
- The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1737
- http://www.openwall.com/lists/oss-security/2014/05/09/2
  oss-security - Linux kernel floppy ioctl kernel code execution [Mailing List; Third Party Advisory]
- http://www.debian.org/security/2014/dsa-2928
  Debian -- Security Information -- DSA-2928-1 linux-2.6 [Third Party Advisory]
- https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c
  floppy: ignore kernel-only members in FDRAWCMD ioctl input · torvalds/linux@ef87dbe · GitHub [Patch; Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
  [security-announce] SUSE-SU-2014:0683-1: important: Security update for [Mailing List; Third Party Advisory]
- http://secunia.com/advisories/59309
  [Broken Link]
- http://rhn.redhat.com/errata/RHSA-2014-0801.html
  RHSA-2014:0801 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- http://www.securityfocus.com/bid/67300
  Linux Kernel CVE-2014-1737 Function Local Privilege Escalation Vulnerability [Third Party Advisory; VDB Entry]
- http://linux.oracle.com/errata/ELSA-2014-3043.html
  linux.oracle.com | ELSA-2014-3043 [Third Party Advisory]
- http://secunia.com/advisories/59262
  [Broken Link]
- http://rhn.redhat.com/errata/RHSA-2014-0800.html
  RHSA-2014:0800 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- http://www.securitytracker.com/id/1030474
  Linux Kernel Floppy Driver Bugs Let Local Users Gain Elevated Privileges - SecurityTracker [Third Party Advisory; VDB Entry]
- http://www.debian.org/security/2014/dsa-2926
  Debian -- Security Information -- DSA-2926-1 linux [Third Party Advisory]
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c
  kernel/git/torvalds/linux.git - Linux kernel source tree [Mailing List; Patch; Vendor Advisory]
- https://bugzilla.redhat.com/show_bug.cgi?id=1094299
  1094299 – (CVE-2014-1737, CVE-2014-1738) CVE-2014-1737 CVE-2014-1738 kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command [Issue Tracking; Patch; Third Party Advisory]
- http://linux.oracle.com/errata/ELSA-2014-0771.html
  linux.oracle.com | ELSA-2014-0771 [Third Party Advisory]
- http://secunia.com/advisories/59599
  [Broken Link]
- http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
  [security-announce] SUSE-SU-2014:0667-1: important: Security update for [Mailing List; Third Party Advisory]
- http://secunia.com/advisories/59406
  [Broken Link]