Back to search
CVE-2014-4027
Published: Jun 23, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
SUSE-SU-2014:1316
vendor-advisory
x_refsource_SUSE
59134
third-party-advisory
x_refsource_SECUNIA
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1108744
x_refsource_CONFIRM
USN-2335-1
vendor-advisory
x_refsource_UBUNTU
USN-2334-1
vendor-advisory
x_refsource_UBUNTU
SUSE-SU-2014:1319
vendor-advisory
x_refsource_SUSE
60564
third-party-advisory
x_refsource_SECUNIA
59777
third-party-advisory
x_refsource_SECUNIA
61310
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20140611 Re: CVE request: Linux kernel / target information leak
mailing-list
x_refsource_MLIST
[target-devel] 20140616 [PATCH] target: Explicitly clear ramdisk_mcp backend pages
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now