CVE-2014-0069

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f	Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/02/17/4	Mailing List Third Party Advisory
http://article.gmane.org/gmane.linux.kernel.cifs/9401	Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=1064253	Issue Tracking Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0328.html	Third Party Advisory
http://www.securityfocus.com/bid/65588	Third Party Advisory VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html	Mailing List Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5d81de8e8667da7135d3a32a964087c0faf5483f

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::vmware::*
	cpe:2.3:o:suse:linux_enterprise_server:11:-::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::-::*

Configuration 3 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:6.5:::::::*

Information

Published : 2014-02-27 22:18

Updated : 2023-02-12 16:31

NVD link : CVE-2014-0069

Mitre link : CVE-2014-0069

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

redhat

enterprise_linux_desktop
enterprise_linux_server_aus
enterprise_linux_workstation
enterprise_linux_server_tus
enterprise_linux_server
enterprise_linux_eus

suse

linux_enterprise_desktop
linux_enterprise_server

linux

linux_kernel

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f", "name": "https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.openwall.com/lists/oss-security/2014/02/17/4", "name": "[oss-security] 20140217 CVE-2014-0069 -- kernel: cifs: incorrect handling of bogus user pointers during uncached writes", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "http://article.gmane.org/gmane.linux.kernel.cifs/9401", "name": "[linux-cifs] 20140214 [PATCH] cifs: ensure that uncached writes handle unmapped areas correctly", "tags": ["Broken Link"], "refsource": "MLIST"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064253", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1064253", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0328.html", "name": "RHSA-2014:0328", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.securityfocus.com/bid/65588", "name": "65588", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html", "name": "SUSE-SU-2014:0459", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5d81de8e8667da7135d3a32a964087c0faf5483f", "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5d81de8e8667da7135d3a32a964087c0faf5483f", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-0069", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-02-28T06:18Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.13.5"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-13T00:31Z"}

7.2 /10