Bug 510130 (CVE-2014-1737)

Summary:	Kernel: floppy ioctl kernel code execution (CVE-2014-1737)
Product:	Gentoo Security	Reporter:	Agostino Sarubbo <ago>
Component:	Kernel	Assignee:	Gentoo Kernel Security <security-kernel>
Status:	RESOLVED FIXED
Severity:	normal	CC:	kernel
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Agostino Sarubbo gentoo-dev

2014-05-12 07:34:17 UTC

CVE-2014-1737 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1737):
  The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel 
  through 3.14.3 does not properly handle error conditions during processing 
  of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations 
  and gain privileges by leveraging write access to a /dev/fd device.

Comment 1 GLSAMaker/CVETool Bot gentoo-dev

2014-08-10 22:00:26 UTC

CVE-2014-1737 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1737):
  The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel
  through 3.14.3 does not properly handle error conditions during processing
  of an FDRAWCMD ioctl call, which allows local users to trigger kfree
  operations and gain privileges by leveraging write access to a /dev/fd
  device.

Comment 2 John Helmert III archtester

2022-03-25 22:02:42 UTC

Fix in 3.15 as https://github.com/torvalds/linux/commit/ef87dbe7614341c2e7bfe8d32fcb7028cc97442c