CVE-2014-0069 Information
Description
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes which allows local users to obtain sensitive information from kernel memory cause a denial of service (memory corruption and system crash) or possibly gain privileges via a writev system call with a crafted pointer.
Reference
http://article.gmane.org/gmane.linux.kernel.cifs/9401 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5d81de8e8667da7135d3a32a964087c0faf5483f http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html http://rhn.redhat.com/errata/RHSA-2014-0328.html http://www.openwall.com/lists/oss-security/2014/02/17/4 http://www.securityfocus.com/bid/65588 https://bugzilla.redhat.com/show_bug.cgi?id=1064253 https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f
Share on: