Количество 22
Количество 22
GHSA-vmrj-8qgc-5x6c
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.
CVE-2014-1737
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. First, raw_cmd_ioctl calls raw_cmd_copyin. This function kmallocs space for a floppy_raw_cmd structure and stores the resulting allocation in the "rcmd" pointer argument. It then attempts to copy_from_user the structure from userspace. If this fails, an early EFAULT return is taken. The problem is that even if the early return is taken, the pointer to the non-/partially-initialized floppy_raw_cmd structure has already been returned via the "rcmd" pointer. Back out in raw_cmd_ioctl, it attempts to raw_cmd_free this pointer. raw_cmd_free attempts to free any DMA pages allocated for the raw command, kfrees the raw command structure itself, and follows the linked list, if any, of further raw com...
CVE-2014-1737
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.
CVE-2014-1737
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.
CVE-2014-1737
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux ker ...
BDU:2014-00334
Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании или повысить свои привилегии
BDU:2014-00110
Уязвимость операционной системы Linux, позволяющая злоумышленнику повысить свои привилегии
BDU:2014-00053
Уязвимость операционной системы Linux, позволяющая злоумышленнику получить доступ к защищаемой информации
ELSA-2014-3041
ELSA-2014-3041: unbreakable enterprise kernel security update (IMPORTANT)
ELSA-2014-0740
ELSA-2014-0740: kernel security and bug fix update (IMPORTANT)
ELSA-2014-0740-1
ELSA-2014-0740-1: kernel security and bug fix update (IMPORTANT)
ELSA-2014-3043
ELSA-2014-3043: unbreakable enterprise kernel security update (IMPORTANT)
ELSA-2014-3042
ELSA-2014-3042: unbreakable enterprise kernel security update (IMPORTANT)
ELSA-2014-0771
ELSA-2014-0771: kernel security and bug fix update (IMPORTANT)
ELSA-2014-0786
ELSA-2014-0786: kernel security, bug fix, and enhancement update (IMPORTANT)
SUSE-SU-2015:1376-1
Security update for Linux kernel
SUSE-SU-2015:0736-1
Security update for Linux kernel
SUSE-SU-2015:1174-1
Security update for Linux kernel
SUSE-SU-2015:0581-1
Security update for Linux kernel
SUSE-RU-2015:0621-1
Security update for Linux kernel
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-vmrj-8qgc-5x6c The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. | 0% Низкий | около 3 лет назад | |
 | CVE-2014-1737 The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. First, raw_cmd_ioctl calls raw_cmd_copyin. This function kmallocs space for a floppy_raw_cmd structure and stores the resulting allocation in the "rcmd" pointer argument. It then attempts to copy_from_user the structure from userspace. If this fails, an early EFAULT return is taken. The problem is that even if the early return is taken, the pointer to the non-/partially-initialized floppy_raw_cmd structure has already been returned via the "rcmd" pointer. Back out in raw_cmd_ioctl, it attempts to raw_cmd_free this pointer. raw_cmd_free attempts to free any DMA pages allocated for the raw command, kfrees the raw command structure itself, and follows the linked list, if any, of further raw com... | CVSS2: 7.2 | 0% Низкий | около 11 лет назад |
 | CVE-2014-1737 The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. | CVSS2: 6.6 | 0% Низкий | больше 11 лет назад |
 | CVE-2014-1737 The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. | CVSS2: 7.2 | 0% Низкий | около 11 лет назад |
| CVE-2014-1737 The raw_cmd_copyin function in drivers/block/floppy.c in the Linux ker ... | CVSS2: 7.2 | 0% Низкий | около 11 лет назад |
 | BDU:2014-00334 Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании или повысить свои привилегии | CVSS2: 7.2 | 0% Низкий | около 11 лет назад |
| BDU:2014-00110 Уязвимость операционной системы Linux, позволяющая злоумышленнику повысить свои привилегии | CVSS2: 7.2 | 0% Низкий | около 11 лет назад |
| BDU:2014-00053 Уязвимость операционной системы Linux, позволяющая злоумышленнику получить доступ к защищаемой информации | CVSS2: 7.2 | 0% Низкий | около 11 лет назад |
| ELSA-2014-3041 ELSA-2014-3041: unbreakable enterprise kernel security update (IMPORTANT) | около 11 лет назад | ||
| ELSA-2014-0740 ELSA-2014-0740: kernel security and bug fix update (IMPORTANT) | около 11 лет назад | ||
| ELSA-2014-0740-1 ELSA-2014-0740-1: kernel security and bug fix update (IMPORTANT) | около 11 лет назад | ||
| ELSA-2014-3043 ELSA-2014-3043: unbreakable enterprise kernel security update (IMPORTANT) | около 11 лет назад | ||
| ELSA-2014-3042 ELSA-2014-3042: unbreakable enterprise kernel security update (IMPORTANT) | около 11 лет назад | ||
| ELSA-2014-0771 ELSA-2014-0771: kernel security and bug fix update (IMPORTANT) | около 11 лет назад | ||
| ELSA-2014-0786 ELSA-2014-0786: kernel security, bug fix, and enhancement update (IMPORTANT) | около 11 лет назад | ||
 | SUSE-SU-2015:1376-1 Security update for Linux kernel | почти 11 лет назад | ||
| SUSE-SU-2015:0736-1 Security update for Linux kernel | почти 11 лет назад | ||
| SUSE-SU-2015:1174-1 Security update for Linux kernel | почти 11 лет назад | ||
| SUSE-SU-2015:0581-1 Security update for Linux kernel | почти 11 лет назад | ||
| SUSE-RU-2015:0621-1 Security update for Linux kernel | почти 11 лет назад |
Уязвимостей на страницу