CVE-2014-1737
Description
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.
Risk Information
Base Score
8.4
MODERATE
Vector
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.045
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Linux kernel (USN-2221-1) linux-image-3.2.0-63-generic_3.2.0-63.95_i386.deb | Linux |
| Linux kernel (USN-2221-1) linux-image-3.2.0-63-generic_3.2.0-63.95_amd64.deb | Linux |
| Linux kernel (USN-2221-1) linux-image-3.2.0-63-virtual_3.2.0-63.95_i386.deb | Linux |
| Linux kernel (USN-2221-1) linux-image-3.2.0-63-virtual_3.2.0-63.95_amd64.deb | Linux |
| Linux kernel (USN-2221-1) linux-image-3.2.0-63-generic-pae_3.2.0-63.95_i386.deb | Linux |
| Linux hardware enablement kernel from Quantal (USN-2223-1) linux-image-3.5.0-51-generic_3.5.0-51.77~precise1_i386.deb | Linux |
| Linux hardware enablement kernel from Quantal (USN-2223-1) linux-image-3.5.0-51-generic_3.5.0-51.77~precise1_amd64.deb | Linux |
| Linux hardware enablement kernel from Raring (USN-2224-1) linux-image-3.8.0-41-generic_3.8.0-41.60~precise1_i386.deb | Linux |
| Linux hardware enablement kernel from Raring (USN-2224-1) linux-image-3.8.0-41-generic_3.8.0-41.60~precise1_amd64.deb | Linux |
| Linux hardware enablement kernel from Saucy (USN-2225-1) linux-image-3.11.0-22-generic_3.11.0-22.38~precise1_i386.deb | Linux |
| Linux hardware enablement kernel from Saucy (USN-2225-1) linux-image-3.11.0-22-generic_3.11.0-22.38~precise1_amd64.deb | Linux |
| Linux kernel (USN-2226-1) linux-image-3.13.0-27-generic_3.13.0-27.50_i386.deb | Linux |
| Linux kernel (USN-2226-1) linux-image-3.13.0-27-generic_3.13.0-27.50_amd64.deb | Linux |
| Linux kernel (USN-2226-1) linux-image-3.13.0-27-lowlatency_3.13.0-27.50_i386.deb | Linux |
| Linux kernel (USN-2226-1) linux-image-3.13.0-27-lowlatency_3.13.0-27.50_amd64.deb | Linux |
| Block storage devices (udeb) (USN-2260-1) linux-image-3.13.0-30-generic_3.13.0-30.55~precise1_i386.deb | Linux |
| Block storage devices (udeb) (USN-2260-1) linux-image-3.13.0-30-generic_3.13.0-30.55~precise1_amd64.deb | Linux |
| Dtrace-modules-3.8.13-35.1.2.el6uek update (ELSA-2014-3041) dtrace-modules-3.8.13-35.1.2.el6uek-0.4.3-4.el6.x86_64.rpm | Linux |
| Dtrace-modules-3.8.13-44.el6uek update (ELSA-2014-3070) dtrace-modules-3.8.13-44.el6uek-0.4.3-4.el6.x86_64.rpm | Linux |
| Dtrace-modules-3.8.13-44.el7uek update (ELSA-2014-3070) dtrace-modules-3.8.13-44.el7uek-0.4.3-4.el7.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234