CVE-2014-2038

Linux kernel <3.13.3 - Info Disclosure

Title source: llm
STIX 2.1

Description

The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file.

References (7)

Core 7
Core References
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2137-1
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2140-1
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/02/20/16
Release Notes, Vendor Advisory x_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.3
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1066939

Scores

EPSS 0.0041
EPSS Percentile 33.3%

Details

CWE
CWE-200
Status published
Products (3)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 13.10
linux/linux_kernel < 3.13.3
Published Feb 28, 2014
Tracked Since Feb 18, 2026