The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Information
Published : 2014-06-23 04:21
Updated : 2020-08-21 11:24
NVD link : CVE-2014-4027
Mitre link : CVE-2014-4027
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
suse
- linux_enterprise_desktop
- linux_enterprise_server
- linux_enterprise_real_time_extension
- linux_enterprise_high_availability_extension
f5
- big-ip_edge_gateway
- big-ip_webaccelerator
- big-ip_application_security_manager
- big-ip_wan_optimization_manager
- big-ip_global_traffic_manager
- big-ip_link_controller
- big-ip_protocol_security_module
- big-iq_cloud
- big-iq_security
- enterprise_manager
- big-ip_domain_name_system
- big-ip_advanced_firewall_manager
- big-ip_access_policy_manager
- big-iq_device
- big-iq_application_delivery_controller
- big-ip_local_traffic_manager
- big-ip_application_acceleration_manager
- big-ip_analytics
- big-ip_policy_enforcement_manager
canonical
- ubuntu_linux
linux
- linux_kernel
redhat
- enterprise_linux