Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 505680 (CVE-2014-0069) - Kernel: cifs: incorrect handling of bogus user pointers during uncached writes (CVE-2014-0069)
Summary: Kernel: cifs: incorrect handling of bogus user pointers during uncached write...
Status: RESOLVED FIXED
Alias: CVE-2014-0069
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-03-25 12:06 UTC by Agostino Sarubbo
Modified: 2022-03-25 21:46 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-03-25 12:06:36 UTC 
CVE-2014-0069 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0069):

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly 
handle uncached write operations that copy fewer than the requested number of bytes, which allows local 
users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and 
system crash), or possibly gain privileges via a writev system call with a crafted pointer.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2014-08-10 22:04:56 UTC 
CVE-2014-0069 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0069):
  The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through
  3.13.5 does not properly handle uncached write operations that copy fewer
  than the requested number of bytes, which allows local users to obtain
  sensitive information from kernel memory, cause a denial of service (memory
  corruption and system crash), or possibly gain privileges via a writev
  system call with a crafted pointer.