Jorge Daniel Sequeira Matias discovered an information leak in the rd_mcp backend of the iSCSI target subsystem in the Linux kernel (originally reported to the Debian Security Team and investigated by Nicholas A. Bellinger): Introduced in 2.6.38 and fixed in 3.14 with https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc
CVE-2014-4027 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4027): The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.
Yep, fixed in 3.14.