// For flags

CVE-2014-1446

 

Severity Score

5.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.

La funciĆ³n yam_ioclt en drivers/net/hamradio/yam.c en el kernel Linux anteriores a 3.1.2.8 no inicializa cierto miembro de estructura, lo cual permite a usuarios locales obtener informaciĆ³n snesible de la memoria del kernel aprovechando la funcionalidad CAP_NET_ADMIN para una llamada SIOCYAMGCFG ioctl.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-01-14 CVE Reserved
  • 2014-01-18 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-399: Resource Management Errors
CAPEC
References (21)
URL Tag Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8e3fbf870481eb53b2d3a322d1fc395ad8b367ed X_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8 X_refsource_confirm
http://www.openwall.com/lists/oss-security/2014/01/15/3 Mailing List
http://www.securityfocus.com/bid/64954 Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1053620 X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/90445 Vdb Entry
URL Date SRC
URL Date SRC
https://github.com/torvalds/linux/commit/8e3fbf870481eb53b2d3a322d1fc395ad8b367ed 2023-11-07
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126858.html 2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126874.html 2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2014:038 2023-11-07
http://www.ubuntu.com/usn/USN-2113-1 2023-11-07
http://www.ubuntu.com/usn/USN-2117-1 2023-11-07
http://www.ubuntu.com/usn/USN-2128-1 2023-11-07
http://www.ubuntu.com/usn/USN-2129-1 2023-11-07
http://www.ubuntu.com/usn/USN-2133-1 2023-11-07
http://www.ubuntu.com/usn/USN-2134-1 2023-11-07
http://www.ubuntu.com/usn/USN-2135-1 2023-11-07
http://www.ubuntu.com/usn/USN-2136-1 2023-11-07
http://www.ubuntu.com/usn/USN-2138-1 2023-11-07
http://www.ubuntu.com/usn/USN-2139-1 2023-11-07
http://www.ubuntu.com/usn/USN-2141-1 2023-11-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 <= 3.12.7
Search vendor "Linux" for product "Linux Kernel" and version " <= 3.12.7"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 3.12
Search vendor "Linux" for product "Linux Kernel" and version "3.12"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 3.12.1
Search vendor "Linux" for product "Linux Kernel" and version "3.12.1"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 3.12.2
Search vendor "Linux" for product "Linux Kernel" and version "3.12.2"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 3.12.3
Search vendor "Linux" for product "Linux Kernel" and version "3.12.3"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 3.12.4
Search vendor "Linux" for product "Linux Kernel" and version "3.12.4"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 3.12.5
Search vendor "Linux" for product "Linux Kernel" and version "3.12.5"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 3.12.6
Search vendor "Linux" for product "Linux Kernel" and version "3.12.6"
-
Affected