Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-1739

CWE-200 — Information Exposure19 documents11 sources

Severity

2.1LOW

EPSS

0.1%

top 71.94%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Linux Linux Kernel Canonical Ubuntu Linux Suse Linux Enterprise High Availability Extension +2 more

Timeline

PublishedJun 23

Latest updateMay 13

Description

The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages6 packages

▶NVDlinux/linux_kernel< 3.14.6

▶Debianlinux< 3.14.7-1+3

▶Ubuntulinux< 3.13.0-32.57

▶NVDsuse/suse_linux_enterprise_server11

▶NVDsuse/suse_linux_enterprise_desktop11

Also affects: Ubuntu Linux 12.04, 13.10

🔴Vulnerability Details

GHSA

GHSA-pqjc-5x4q-33rx: The media_device_enum_entities function in drivers/media/media-device↗2022-05-13

▶

OSV

linux vulnerabilities↗2014-07-17

▶

CVEList

CVE-2014-1739: The media_device_enum_entities function in drivers/media/media-device↗2014-06-23

▶

OSV

CVE-2014-1739: The media_device_enum_entities function in drivers/media/media-device↗2014-06-23

▶

Kernel

[media] media-device: fix infoleak in ioctl media_enum_entities()↗2014-04-30

▶

💥Exploits & PoCs

Exploit-DB

Linux Kernel 3.3.5 - '/drivers/media/media-device.c' Local Information Disclosure↗2014-05-28

▶

📋Vendor Advisories

Android

CVE-2014-1739: Android Security Bulletin 2017-04-01 CVE: CVE-2014-1739 Severity: MEDIUM References: A-34460642 Upstream kernel↗2017-04-01

▶

Ubuntu

Linux kernel (Quantal HWE) vulnerabilities↗2014-07-17

▶

Ubuntu

Linux kernel (Raring HWE) vulnerabilities↗2014-07-17

▶

Ubuntu

Linux kernel vulnerabilities↗2014-07-17

▶

Ubuntu

Linux kernel (Trusty HWE) vulnerabilities↗2014-07-17

▶

💬Community

Bugzilla

CVE-2014-1739 Kernel: drivers: media: an information leakage [fedora-all]↗2014-06-16

▶

Bugzilla

CVE-2014-1739 Kernel: drivers: media: an information leakage↗2014-06-16

▶