Published: 18/01/2014 Updated: 07/11/2023

CVSS v2 Base Score: 1.7 | Impact Score: 2.9 | Exploitability Score: 3.1

VMScore: 152

Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N

The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel prior to 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 3.11.1
linux linux kernel 3.11
linux linux kernel
linux linux kernel 3.11.4
linux linux kernel 3.11.3
linux linux kernel 3.11.2
linux linux kernel 3.11.5

Several security issues were fixed in the kernel ...

The fst_get_iface function in drivers/net/wan/farsyncc in the Linux kernel before 3117 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call ...

CWE-399 https://bugzilla.redhat.com/show_bug.cgi?id=1053610 http://www.openwall.com/lists/oss-security/2014/01/15/3 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7 https://github.com/torvalds/linux/commit/96b340406724d87e4621284ebac5e059d67b2194 http://www.securityfocus.com/bid/64952 http://www.ubuntu.com/usn/USN-2129-1 http://www.ubuntu.com/usn/USN-2128-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/90443 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=96b340406724d87e4621284ebac5e059d67b2194 https://nvd.nist.gov https://usn.ubuntu.com/2066-1/https://access.redhat.com/security/cve/cve-2014-1444

CVE-2014-1444

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect