CVE-2014-9645

The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command.
Configurations

Configuration 1 (hide)

cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-03-12 06:59

Updated : 2024-02-04 19:11


NVD link : CVE-2014-9645

Mitre link : CVE-2014-9645

CVE.ORG link : CVE-2014-9645


JSON object : View

Products Affected

busybox

  • busybox
CWE
CWE-20

Improper Input Validation