CVE-2014-0069

high

Description

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.

References

https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f

https://bugzilla.redhat.com/show_bug.cgi?id=1064253

http://www.securityfocus.com/bid/65588

http://www.openwall.com/lists/oss-security/2014/02/17/4

http://rhn.redhat.com/errata/RHSA-2014-0328.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html

Details

Source: Mitre, NVD

Published: 2014-02-28

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Severity: High