CVE-2014-1739

Linux kernel <3.14.6 - Info Disclosure

Title source: llm

Description

The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Salva Peiro · clocallinux
https://www.exploit-db.com/exploits/39214

References (16)

Scores

EPSS 0.0010
EPSS Percentile 27.8%

Details

CWE
CWE-200
Status published
Products (6)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 13.10
linux/linux_kernel < 3.14.6
suse/linux_enterprise_high_availability_extension 11 sp3
suse/suse_linux_enterprise_desktop 11 sp3
suse/suse_linux_enterprise_server 11 sp3 (2 CPE variants)
Published Jun 23, 2014
Tracked Since Feb 18, 2026