A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important) It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low) Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.
Find out more about CVE-2014-1737 from the MITRE CVE dictionary dictionary and NIST NVD.
| Base Score | 6.6 |
|---|---|
| Base Metrics | AV:L/AC:M/Au:S/C:C/I:C/A:C |
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | Single |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 6 (kernel) | RHSA-2014:0771 | 2014-06-19 |
| Red Hat Enterprise Linux Long Life (v. 5.6 server) (kernel) | RHSA-2014:0801 | 2014-06-26 |
| Red Hat Enterprise Linux 7 (kernel) | RHSA-2014:0786 | 2014-06-24 |
| Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt) | RHSA-2014:0557 | 2014-05-27 |
| Red Hat Enterprise Linux Extended Update Support 6.4 (kernel) | RHSA-2014:0900 | 2014-07-17 |
| Red Hat Enterprise Linux EUS (v. 5.9 server) (kernel) | RHSA-2014:0772 | 2014-06-19 |
| Red Hat Enterprise Linux Advanced Update Support 6.2 (kernel) | RHSA-2014:0800 | 2014-06-26 |
| Red Hat Enterprise Linux 5 (kernel) | RHSA-2014:0740 | 2014-06-10 |
Vulmon