The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
21 Nov 2024, 02:09
Type | Values Removed | Values Added |
---|---|---|
References | () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html - Mailing List, Third Party Advisory | |
References | () http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html - Mailing List, Third Party Advisory | |
References | () http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618 - Broken Link | |
References | () http://secunia.com/advisories/59134 - Broken Link | |
References | () http://secunia.com/advisories/59777 - Broken Link | |
References | () http://secunia.com/advisories/60564 - Broken Link | |
References | () http://secunia.com/advisories/61310 - Broken Link | |
References | () http://www.openwall.com/lists/oss-security/2014/06/11/1 - Mailing List, Patch, Third Party Advisory | |
References | () http://www.ubuntu.com/usn/USN-2334-1 - Third Party Advisory | |
References | () http://www.ubuntu.com/usn/USN-2335-1 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1108744 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc - Patch, Third Party Advisory | |
References | () https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html - Third Party Advisory |
Information
Published : 2014-06-23 11:21
Updated : 2024-11-21 02:09
NVD link : CVE-2014-4027
Mitre link : CVE-2014-4027
CVE.ORG link : CVE-2014-4027
JSON object : View
Products Affected
f5
- big-ip_application_security_manager
- big-iq_security
- big-ip_global_traffic_manager
- big-ip_domain_name_system
- big-ip_link_controller
- big-iq_application_delivery_controller
- big-ip_edge_gateway
- big-ip_wan_optimization_manager
- big-ip_protocol_security_module
- enterprise_manager
- big-ip_analytics
- big-ip_policy_enforcement_manager
- big-iq_cloud
- big-ip_application_acceleration_manager
- big-ip_webaccelerator
- big-iq_device
- big-ip_local_traffic_manager
- big-ip_advanced_firewall_manager
- big-ip_access_policy_manager
suse
- linux_enterprise_high_availability_extension
- linux_enterprise_desktop
- linux_enterprise_real_time_extension
- linux_enterprise_server
canonical
- ubuntu_linux
linux
- linux_kernel
redhat
- enterprise_linux
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor