CVE-2014-8181

CWE-6656 documents6 sources

Severity

5.5MEDIUM

EPSS

0.2%

top 54.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT Enterprise Linux Redhat Enterprise Linux Redhat Enterprise MRG

Timeline

PublishedNov 6

Latest updateMay 17

Description

The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5red_hat/enterprise_linux7

▶NVDredhat/enterprise_mrg2.0

Also affects: Enterprise Linux 7.0

🔴Vulnerability Details

GHSA

GHSA-8qfp-mxrj-h5cx: The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace↗2022-05-17

▶

CVEList

CVE-2014-8181: The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace↗2019-11-06

▶

📋Vendor Advisories

Red Hat

kernel: scsi: do not fill dirty page content in the SG_IO buffer↗2016-05-13

▶

Debian

CVE-2014-8181: linux - The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data f...↗2014

▶

💬Community

Bugzilla

CVE-2014-8181 kernel: scsi: do not fill dirty page content in the SG_IO buffer↗2016-05-13

▶