CVE-2014-1737

Linux kernel <3.14.3 - Privilege Escalation

Description

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.

References (18)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67300
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59262
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59309
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59406
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2928
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1094299
Various Sources x_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-0771.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0800.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/05/09/2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59599
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2926
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030474
Various Sources x_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-3043.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0801.html

Scores

EPSS 0.0004
EPSS Percentile 13.9%

Details

CWE CWE-754
Status published
Products (11)
debian/debian_linux 6.0
debian/debian_linux 7.0
linux/linux_kernel < 3.2.59
oracle/linux 5
oracle/linux 6
redhat/enterprise_linux_eus 5.6
redhat/enterprise_linux_eus 6.3
suse/linux_enterprise_desktop 11 sp3
suse/linux_enterprise_high_availability_extension 11 sp3
suse/linux_enterprise_real_time_extension 11 sp3
... and 1 more
Published May 11, 2014
Tracked Since Feb 18, 2026