CVE-2014-0069

kernel: cifs: incorrect handling of bogus user pointers during uncached writes

Severity Score

7.2

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.

La función cifs_iovec_write en fs/cifs/file.c en el kernel de Linux hasta 3.13.5 no maneja debidamente operaciones de escritura no en caché que copian menos bytes de los solicitados, lo que permite a usuarios locales obtener información sensible de la memoria del kernel, causar una denegación de servicio (corrupción de memoria y caída del sistema) o posiblemente ganar privilegios a través de una llamada al sistema writev con un puntero manipulado.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

Attack Vector

Local

Attack Complexity

High

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-12-03 CVE Reserved
2014-02-28 CVE Published
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (9)

URL	Tag	Source
http://article.gmane.org/gmane.linux.kernel.cifs/9401	Broken Link
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5d81de8e8667da7135d3a32a964087c0faf5483f	Broken Link
http://www.openwall.com/lists/oss-security/2014/02/17/4	Mailing List
http://www.securityfocus.com/bid/65588	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f	2024-02-05

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html	2024-02-05
http://rhn.redhat.com/errata/RHSA-2014-0328.html	2024-02-05
https://bugzilla.redhat.com/show_bug.cgi?id=1064253	2014-04-28
https://access.redhat.com/security/cve/CVE-2014-0069	2014-04-28

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 3.2.57 Search vendor "Linux" for product "Linux Kernel" and version " < 3.2.57"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.3 < 3.4.83 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.83"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.5 < 3.10.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.10.33"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.11 < 3.12.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 3.12.14"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.13 < 13.13.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 13.13.6"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop"				11 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "11"		sp3		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11"		sp3		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11"		sp3, vmware		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus"				6.5 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "6.5"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				6.5 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.5"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus"				6.5 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "6.5"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"				6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0"		-		Affected