The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Canonical
  • Ubuntu Linux
F5
  • Big-ip Access Policy Manager
  • Big-ip Advanced Firewall Manager
  • Big-ip Analytics
  • Big-ip Application Acceleration Manager
  • Big-ip Application Security Manager
  • Big-ip Domain Name System
  • Big-ip Edge Gateway
  • Big-ip Global Traffic Manager
  • Big-ip Link Controller
  • Big-ip Local Traffic Manager
  • Big-ip Policy Enforcement Manager
  • Big-ip Protocol Security Module
  • Big-ip Wan Optimization Manager
  • Big-ip Webaccelerator
  • Big-iq Application Delivery Controller
  • Big-iq Cloud
  • Big-iq Device
  • Big-iq Security
  • Enterprise Manager
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
  • Enterprise Mrg
Suse
  • Linux Enterprise Desktop
  • Linux Enterprise High Availability Extension
  • Linux Enterprise Real Time Extension
  • Linux Enterprise Server

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*

Configuration 5 [-]

OR cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-iq_application_delivery_controller:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-iq_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-iq_device:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-iq_security:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:enterprise_manager:*:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 7
kernel-0:3.10.0-123.13.1.el7 cpe:/o:redhat:enterprise_linux:7 RHSA-2014:1971 2014-12-09T00:00:00Z
Red Hat Enterprise MRG 2
kernel-rt-0:3.10.33-rt32.43.el6rt cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2014:0913 2014-07-22T00:00:00Z
References
Link Providers
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html cve-icon cve-icon
http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618 cve-icon cve-icon
http://secunia.com/advisories/59134 cve-icon cve-icon
http://secunia.com/advisories/59777 cve-icon cve-icon
http://secunia.com/advisories/60564 cve-icon cve-icon
http://secunia.com/advisories/61310 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2014/06/11/1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2334-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2335-1 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=1108744 cve-icon cve-icon
https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2014-4027 cve-icon
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2014-4027 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-06-23T10:00:00

Updated: 2024-08-06T11:04:27.539Z

Reserved: 2014-06-11T00:00:00

Link: CVE-2014-4027

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-06-23T11:21:18.700

Modified: 2024-11-21T02:09:21.917

Link: CVE-2014-4027

cve-icon Redhat

Severity : Low

Publid Date: 2014-01-07T00:00:00Z

Links: CVE-2014-4027 - Bugzilla