Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 512998 (CVE-2014-4027) - Kernel: rd_mcp backend: information leak in the iSCSI target subsystem (CVE-2014-4027)
Summary: Kernel: rd_mcp backend: information leak in the iSCSI target subsystem (CVE-2...
Status: RESOLVED FIXED
Alias: CVE-2014-4027
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
URL: http://seclists.org/oss-sec/2014/q2/510
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-06-11 19:52 UTC by Kristian Fiskerstrand (RETIRED)
Modified: 2022-03-25 22:12 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-06-11 19:52:25 UTC
Jorge Daniel Sequeira Matias discovered an information leak in the rd_mcp backend
of the iSCSI target subsystem in the Linux kernel (originally reported to the
Debian Security Team and investigated by Nicholas A. Bellinger):

Introduced in 2.6.38 and fixed in 3.14 with
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2014-08-10 14:18:06 UTC
CVE-2014-4027 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4027):
  The rd_build_device_space function in drivers/target/target_core_rd.c in the
  Linux kernel before 3.14 does not properly initialize a certain data
  structure, which allows local users to obtain sensitive information from
  ramdisk_mcp memory by leveraging access to a SCSI initiator.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-25 22:12:38 UTC
Yep, fixed in 3.14.