Description
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.
References (8)
Core 8
Core References
Broken Link mailing-list
x_refsource_mlist
http://article.gmane.org/gmane.linux.kernel.cifs/9401
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65588
Patch, Third Party Advisory x_refsource_confirm
https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0328.html
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1064253
Broken Link x_refsource_confirm
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5d81de8e8667da7135d3a32a964087c0faf5483f
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/02/17/4
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html
Scores
EPSS
0.0005
EPSS Percentile
15.4%
Details
CWE
CWE-119
Status
published
Products (9)
linux/linux_kernel
< 3.2.57
redhat/enterprise_linux_desktop
6.0
redhat/enterprise_linux_eus
6.5
redhat/enterprise_linux_server
6.0
redhat/enterprise_linux_server_aus
6.5
redhat/enterprise_linux_server_tus
6.5
redhat/enterprise_linux_workstation
6.0
suse/linux_enterprise_desktop
11 sp3
suse/linux_enterprise_server
11 (3 CPE variants)
Published
Feb 28, 2014
Tracked Since
Feb 18, 2026