Published: 23/06/2014 Updated: 07/11/2023

CVSS v2 Base Score: 2.3 | Impact Score: 2.9 | Exploitability Score: 4.4

VMScore: 206

Vector: AV:A/AC:M/Au:S/C:P/I:N/A:N

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel prior to 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
redhat enterprise linux 6.0
canonical ubuntu linux 12.04
suse linux enterprise desktop 11
suse linux enterprise server 11
suse linux enterprise real time extension 11
suse linux enterprise high availability extension 11
f5 big-ip local traffic manager 12.0.0
f5 big-ip policy enforcement manager 12.0.0
f5 big-ip application acceleration manager 12.0.0
f5 big-ip access policy manager 12.0.0
f5 big-iq application delivery controller 4.5.0
f5 big-ip analytics 12.0.0
f5 big-ip advanced firewall manager 12.0.0
f5 big-ip domain name system 12.0.0
f5 big-ip application security manager 12.0.0
f5 big-ip link controller 12.0.0
f5 big-iq security
f5 big-iq device
f5 big-iq cloud
f5 enterprise manager
f5 big-ip edge gateway
f5 big-ip protocol security module
f5 big-ip wan optimization manager
f5 big-ip webaccelerator
f5 big-ip global traffic manager
f5 big-ip policy enforcement manager
f5 big-ip link controller
f5 big-ip application security manager
f5 big-ip access policy manager
f5 big-ip analytics
f5 big-ip advanced firewall manager
f5 big-ip application acceleration manager
f5 big-ip local traffic manager

Debian Bug report logs - #751417 linux-image-320-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ) on MIPS (CVE-2014-4157) Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Reported by: Plamen Alexandrov <plamen@aomedacom> Date: Thu, 12 Jun 2014 16:21:01 ...

Several security issues were fixed in the kernel ...

An information leak flaw was found in the RAM Disks Memory Copy (rd_mcp) backend driver of the iSCSI Target subsystem of the Linux kernel A privileged user could use this flaw to leak the contents of kernel memory to an iSCSI initiator remote client ...

CWE-200 https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc https://bugzilla.redhat.com/show_bug.cgi?id=1108744 http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618 http://www.openwall.com/lists/oss-security/2014/06/11/1 http://secunia.com/advisories/59777 http://secunia.com/advisories/60564 http://www.ubuntu.com/usn/USN-2334-1 http://www.ubuntu.com/usn/USN-2335-1 https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html http://secunia.com/advisories/61310 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://secunia.com/advisories/59134 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751417 https://usn.ubuntu.com/2335-1/https://access.redhat.com/security/cve/cve-2014-4027

CVE-2014-4027

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect