| Revision Date: | 2014-02-28 | Version: | 1 | | Title: | CVE-2014-2038 on Ubuntu 12.04 LTS (precise) - medium. | | Description: | The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file. An information leak was discovered in the Linux kernel's NFS filesystem. A local users with write access to an NFS share could exploit this flaw to obtain potential sensative information from kernel memory.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2014-2038
| | Platform(s): | Ubuntu 12.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 12.04 LTS (precise) is installed. AND Package Information
NOT While related to the CVE in some way, the 'linux' package in precise is not affected.
OR NOT While related to the CVE in some way, the 'linux-armadaxp' package in precise is not affected.
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR NOT While related to the CVE in some way, the 'linux-lts-quantal' package in precise is not affected.
OR NOT While related to the CVE in some way, the 'linux-lts-raring' package in precise is not affected.
OR The 'linux-lts-saucy' package in precise was vulnerable but has been fixed (note: '3.11.0-18.32~precise1').
OR NOT While related to the CVE in some way, the 'linux-lts-trusty' package in precise is not affected (note: '3.13.0-24.46~precise1').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR NOT While related to the CVE in some way, the 'linux-ti-omap4' package in precise is not affected.
|
|