CVE-2014-1445
Debian Security Advisory 2906-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call.
La función wanxl_ioctl en drivers/net/wan/wanxl.c en el kernel Linux anteriores a 3.11.7 no inicializa cierta estructura de datos apropiadamente, lo cual permite a usuarios locales obtener información sensible de la memoria del kernel a través de un allamada ioctl.
An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-01-14 CVE Reserved
- 2014-01-18 CVE Published
- 2024-08-06 CVE Updated
- 2025-06-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2b13d06c9584b4eb773f1e80bbaedab9a1c344e1 | X_refsource_confirm | |
| http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7 | X_refsource_confirm | |
| http://www.securityfocus.com/bid/64953 | Vdb Entry | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1053613 | X_refsource_confirm | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/90444 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2014/01/15/3 | 2023-11-07 | |
| https://github.com/torvalds/linux/commit/2b13d06c9584b4eb773f1e80bbaedab9a1c344e1 | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| http://www.ubuntu.com/usn/USN-2128-1 | 2023-11-07 | |
| http://www.ubuntu.com/usn/USN-2129-1 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 3.11.6 Search vendor "Linux" for product "Linux Kernel" and version " <= 3.11.6" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.11 Search vendor "Linux" for product "Linux Kernel" and version "3.11" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.11.1 Search vendor "Linux" for product "Linux Kernel" and version "3.11.1" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.11.2 Search vendor "Linux" for product "Linux Kernel" and version "3.11.2" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.11.3 Search vendor "Linux" for product "Linux Kernel" and version "3.11.3" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.11.4 Search vendor "Linux" for product "Linux Kernel" and version "3.11.4" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.11.5 Search vendor "Linux" for product "Linux Kernel" and version "3.11.5" | - |
Affected
| ||||||