CVE-2014-1444
Debian Security Advisory 2906-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.
La funciĆ³n fst_get_iface en drivers/net/wan/farsync.c del kernel Linux anteriores a 3.11.7 no inicializa apropiadamente cierta estructura de datos, lo cual permite a usuarios locales obtener informaciĆ³n sensible de la memoria dle kernel, aprovechando la funcionalidad CAP_NET_ADMIN para una llamada SIOCWANDEV ioctl.
An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-01-14 CVE Reserved
- 2014-01-18 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=96b340406724d87e4621284ebac5e059d67b2194 | X_refsource_confirm | |
| http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7 | X_refsource_confirm | |
| http://www.securityfocus.com/bid/64952 | Vdb Entry | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1053610 | X_refsource_confirm | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/90443 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2014/01/15/3 | 2023-11-07 | |
| https://github.com/torvalds/linux/commit/96b340406724d87e4621284ebac5e059d67b2194 | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| http://www.ubuntu.com/usn/USN-2128-1 | 2023-11-07 | |
| http://www.ubuntu.com/usn/USN-2129-1 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 3.11.6 Search vendor "Linux" for product "Linux Kernel" and version " <= 3.11.6" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.11 Search vendor "Linux" for product "Linux Kernel" and version "3.11" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.11.1 Search vendor "Linux" for product "Linux Kernel" and version "3.11.1" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.11.2 Search vendor "Linux" for product "Linux Kernel" and version "3.11.2" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.11.3 Search vendor "Linux" for product "Linux Kernel" and version "3.11.3" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.11.4 Search vendor "Linux" for product "Linux Kernel" and version "3.11.4" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.11.5 Search vendor "Linux" for product "Linux Kernel" and version "3.11.5" | - |
Affected
| ||||||