The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel up to and including 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel |
||
redhat enterprise linux eus 6.3 |
||
redhat enterprise linux eus 5.6 |
||
debian debian linux 7.0 |
||
debian debian linux 6.0 |
||
oracle linux 5 |
||
oracle linux 6 |
||
suse linux enterprise desktop 11 |
||
suse linux enterprise server 11 |
||
suse linux enterprise real time extension 11 |
||
suse linux enterprise high availability extension 11 |