Vulnerability Name:

CVE-2014-0069 (CCN-91225)

Assigned:2013-12-03
Published:2014-02-14
Updated:2023-02-13
Summary:The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.2 Medium (REDHAT CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
4.6 Medium (REDHAT Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: linux-cifs mailing list, 2014-02-14 12:20:35 GMT
cifs: ensure that uncached writes handle unmapped areas correctly

Source: secalert@redhat.com
Type: Broken Link
secalert@redhat.com

Source: MITRE
Type: CNA
CVE-2014-0069

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: RHSA-2014-0328
Important: kernel security and bug fix update

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: RHSA-2014-0439
Important: kernel-rt security, bug fix, and enhancement update

Source: CCN
Type: SA56967
Linux Kernel CIFS Uncached Writes Handling Vulnerability

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: BID-65588
Linux Kernel '/fs/cifs/file.c' Local Memory Corruption Vulnerability

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla Bug 1064253
(CVE-2014-0069) CVE-2014-0069 kernel: cifs: incorrect handling of bogus user pointers during uncached writes

Source: XF
Type: UNKNOWN
linux-kernel-cve20140069-priv-esc(91225)

Source: secalert@redhat.com
Type: Patch, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-0069

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:3.4.80:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.10.30:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.12.11:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.13.3:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20140069
    V
    		CVE-2014-0069
    2022-05-22
    oval:org.mitre.oval:def:26883
    P
    		ELSA-2014-3014 -- unbreakable enterprise kernel security update (important)
    2015-03-16
    oval:org.mitre.oval:def:25408
    P
    		SUSE-SU-2014:0696-1 -- Security update for Linux kernel
    2014-09-08
    oval:org.mitre.oval:def:25525
    P
    		SUSE-SU-2014:0531-1 -- Security update for Linux kernel
    2014-09-08
    oval:org.mitre.oval:def:25533
    P
    		SUSE-SU-2014:0459-1 -- Security update for Linux Kernel
    2014-09-08
    oval:org.mitre.oval:def:24864
    P
    		USN-2177-1 -- linux-lts-saucy vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:24338
    P
    		USN-2227-1 -- linux-ti-omap4 vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:24637
    P
    		USN-2176-1 -- linux-lts-raring vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:23690
    P
    		ELSA-2014:0328: kernel security and bug fix update (Important)
    2014-07-21
    oval:org.mitre.oval:def:24461
    P
    		USN-2179-1 -- linux vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:24748
    P
    		USN-2221-1 -- linux vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:24554
    P
    		USN-2180-1 -- linux-ti-omap4 vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:24238
    P
    		USN-2175-1 -- linux-lts-quantal vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:24576
    P
    		USN-2181-1 -- linux-ti-omap4 vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:24826
    P
    		USN-2178-1 -- linux vulnerabilities
    2014-07-07
    oval:org.mitre.oval:def:24219
    P
    		RHSA-2014:0328: kernel security and bug fix update (Important)
    2014-05-12
    oval:com.redhat.rhsa:def:20140328
    P
    		RHSA-2014:0328: kernel security and bug fix update (Important)
    2014-03-25
    oval:com.ubuntu.precise:def:20140069000
    V
    		CVE-2014-0069 on Ubuntu 12.04 LTS (precise) - medium.
    2014-02-28
    oval:com.ubuntu.trusty:def:20140069000
    V
    		CVE-2014-0069 on Ubuntu 14.04 LTS (trusty) - medium.
    2014-02-28
    oval:com.ubuntu.xenial:def:201400690000000
    V
    		CVE-2014-0069 on Ubuntu 16.04 LTS (xenial) - medium.
    2014-02-28
    oval:com.ubuntu.xenial:def:20140069000
    V
    		CVE-2014-0069 on Ubuntu 16.04 LTS (xenial) - medium.
    2014-02-28
    BACK
    linux linux kernel 3.4.80
    linux linux kernel 3.10.30
    linux linux kernel 3.12.11
    linux linux kernel 3.13.3
    redhat enterprise linux 6
    redhat enterprise linux 6
    redhat enterprise linux desktop 6
    redhat enterprise linux hpc node 6