CVE-2014-9903

MEDIUM

Linux Kernel 3.14-rc before 3.14-rc4 - Information Disclosure via sched_getattr System Call

Title source: llm
STIX 2.1

Description

The sched_read_attr function in kernel/sched/core.c in the Linux kernel 3.14-rc before 3.14-rc4 uses an incorrect size, which allows local users to obtain sensitive information from kernel stack memory via a crafted sched_getattr system call.

References (3)

Core 3

Scores

CVSS v3 5.5
EPSS 0.0036
EPSS Percentile 28.5%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
linux/linux_kernel 3.14 rc1 (3 CPE variants)
Published Jun 27, 2016
Tracked Since Feb 18, 2026