CVE-2014-0069 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Kernel

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer23 documents10 sources

Severity

7.2HIGHNVD

EPSS

0.0%

top 84.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Redhat Enterprise Linux Desktop Redhat Enterprise Linux EUS +6 more

Timeline

PublishedFeb 28

Latest updateJun 11

Description

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages7 packages

▶NVDlinux/linux_kernel3.3 — 3.4.83+4

▶Debianlinux/linux_kernel< 3.13.6-1+3

▶NVDsuse/linux_enterprise_server11

▶NVDsuse/linux_enterprise_desktop11

▶NVDredhat/enterprise_linux_server6.0

Also affects: Enterprise Linux 6.5

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-mg5h-jxw2-63w8: The cifs_iovec_write function in fs/cifs/file↗2022-05-13

▶

Kernel

Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6↗2014-03-11

▶

CVEList

CVE-2014-0069: The cifs_iovec_write function in fs/cifs/file↗2014-02-28

▶

OSV

CVE-2014-0069: The cifs_iovec_write function in fs/cifs/file↗2014-02-28

▶

Kernel

Merge branch 'for-linus' of git://git.samba.org/sfrench/cifs-2.6↗2014-02-17

▶

📋Vendor Advisories

Microsoft

CVE-2014-0069: NIST NVD Details: https://nvd↗2024-06-11

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2014-05-27

▶

Ubuntu

Linux kernel vulnerabilities↗2014-05-26

▶

Ubuntu

Linux kernel (Raring HWE) vulnerabilities↗2014-04-26

▶

Ubuntu

Linux kernel vulnerabilities↗2014-04-26

▶

💬Community

Bugzilla

CVE-2014-6549 OpenJDK: incorrect class loader permission check in ClassLoader getParent() (Libraries, 8055314)↗2015-01-19

▶

Bugzilla

CVE-2014-0069 kernel: cifs: incorrect handling of bogus user pointers during uncached writes↗2014-02-12

▶

Bugzilla

CVE-2014-0069 kernel: cifs: uncached writes don't handle bad user addresses correctly [fedora-rawhide]↗2014-02-07

▶

Bugzilla

CVE-2014-0069 kernel: cifs: uncached writes don't handle bad user addresses correctly [fedora-19]↗2014-02-07

▶

Bugzilla

CVE-2014-0069 kernel: cifs: uncached writes don't handle bad user addresses correctly [fedora-20]↗2014-02-07

▶