The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel up to and including 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel |
||
oracle linux 5 |
||
oracle linux 6 |
||
debian debian linux 7.0 |
||
debian debian linux 6.0 |
||
suse linux enterprise desktop 11 |
||
suse linux enterprise server 11 |
||
suse linux enterprise real time extension 11 |
||
suse linux enterprise high availability extension 11 |
||
redhat enterprise linux eus 6.3 |
||
redhat enterprise linux eus 5.6 |