CVE-2014-4027 — Sensitive Information Exposure in Kernel

CWE-200 — Sensitive Information Exposure12 documents8 sources

Severity

2.3LOWNVD

EPSS

0.1%

top 74.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager +23 more

Timeline

PublishedJun 23

Latest updateMay 13

Description

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.

CVSS vector

AV:A/AC:M/C:P/I:N/A:NExploitability: 4.4 | Impact: 2.9

Affected Packages25 packages

▶NVDlinux/linux_kernel< 3.14

▶Debianlinux/linux_kernel< 3.14.2-1+3

▶NVDf5/big-ip_access_policy_manager11.1.0 — 11.6.0+1

▶NVDf5/big-ip_local_traffic_manager11.1.0 — 11.6.0+1

▶NVDsuse/linux_enterprise_server11

Also affects: Ubuntu Linux 12.04, Enterprise Linux 6.0

Patches

Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-j649-2854-8rqg: The rd_build_device_space function in drivers/target/target_core_rd↗2022-05-13

▶

CVEList

CVE-2014-4027: The rd_build_device_space function in drivers/target/target_core_rd↗2014-06-23

▶

OSV

CVE-2014-4027: The rd_build_device_space function in drivers/target/target_core_rd↗2014-06-23

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2014-09-02

▶

Ubuntu

Linux kernel vulnerabilities↗2014-09-02

▶

Ubuntu

Linux kernel (Trusty HWE) vulnerabilities↗2014-09-02

▶

Ubuntu

Linux kernel vulnerabilities↗2014-09-02

▶

Ubuntu

Linux kernel (Quantal HWE) vulnerabilities↗2014-07-17

▶

💬Community

Bugzilla

CVE-2014-4027 Kernel: target/rd: imformation leakage↗2014-06-12

▶