Home > Vulnerability Database > CVE-2014-1737

Mend.io Vulnerability Database

CVE-2014-1737

Date: May 11, 2014

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.

Language: C

Severity Score

8.4

Related Resources (24)

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1094299

Url: http://secunia.com/advisories/59599

Url: http://rhn.redhat.com/errata/RHSA-2014-0801.html

Url: https://access.redhat.com/security/cve/CVE-2014-1737

Url: https://security-tracker.debian.org/tracker/CVE-2014-1737

Url: http://www.debian.org/security/2014/dsa-2928

Url: http://www.debian.org/security/2014/dsa-2926

Url: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c

Url: http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html

Url: http://secunia.com/advisories/59309

Url: http://linux.oracle.com/errata/ELSA-2014-3043.html

Url: http://secunia.com/advisories/59406

Url: http://rhn.redhat.com/errata/RHSA-2014-0800.html

Url: http://linux.oracle.com/errata/ELSA-2014-0771.html

Url: http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html

Url: http://www.securitytracker.com/id/1030474

Url: http://secunia.com/advisories/59262

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-1737

Url: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c

Url: http://www.securityfocus.com/bid/67300

Url: https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c

Url: http://www.openwall.com/lists/oss-security/2014/05/09/2

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2014-1737

Url: https://www.mend.io/vulnerability-database/CVE-2014-1737

Severity Score

8.4

Weakness Type (CWE)

Improper Check for Unusual or Exceptional Conditions

CWE-754

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	8.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.2
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-1737

Date: May 11, 2014

Language: C

Severity Score

Related Resources (24)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?