Published: 23/06/2014 Updated: 07/11/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 215

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel prior to 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
canonical ubuntu linux 13.10
canonical ubuntu linux 12.04
suse suse linux enterprise desktop 11
suse suse linux enterprise server 11
suse linux enterprise high availability extension 11

Debian Bug report logs - #751417 linux-image-320-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ) on MIPS (CVE-2014-4157) Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Reported by: Plamen Alexandrov <plamen@aomedacom> Date: Thu, 12 Jun 2014 16:21:01 ...

The media_device_enum_entities function in drivers/media/media-devicec in the Linux kernel before 3146 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call A flaw was found in the way the Linux ker ...

Several security issues were fixed in the kernel ...

An information leak flaw was found in the way the Linux kernel handled media device enumerate entities IOCTL requests A local user able to access the /dev/media0 device file could use this flaw to leak kernel memory bytes ...

/* source: wwwsecurityfocuscom/bid/68048/info The Linux kernel is prone to a local information-disclosure vulnerability Local attackers can exploit this issue to cause a memory leak to obtain sensitive information that may lead to further attacks Linux kernel 2638 through 315-rc2 are vulnerable */ /* * $File: media-enum-pocc ...

CWE-200 http://www.ubuntu.com/usn/USN-2263-1 https://bugzilla.redhat.com/show_bug.cgi?id=1109774 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://www.openwall.com/lists/oss-security/2014/06/15/1 https://source.android.com/security/bulletin/2017-04-01 http://www.ubuntu.com/usn/USN-2261-1 http://www.ubuntu.com/usn/USN-2264-1 http://www.securityfocus.com/bid/68048 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e6a623460e5fc960ac3ee9f946d3106233fd28d8 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.6 http://www.ubuntu.com/usn/USN-2259-1 https://github.com/torvalds/linux/commit/e6a623460e5fc960ac3ee9f946d3106233fd28d8 http://speirofr.appspot.com/cve-2014-1739-kernel-infoleak-vulnerability-in-media_enum_entities.html http://secunia.com/advisories/59597 http://www.securitytracker.com/id/1038201 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751417 https://www.exploit-db.com/exploits/39214/https://usn.ubuntu.com/2259-1/https://access.redhat.com/security/cve/cve-2014-1739 https://alas.aws.amazon.com/ALAS-2014-392.html

CVE-2014-1739

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect