CVE-2014-4027

Updated: 2024-07-12

CWE: Permissions, Privileges, and Access Control

Description:

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.

CVSS3:


Vendor State

OS Vendor version Errata
RHEL 7 3.10.0-123.13.1.el7 RHSA-2014:1971
Ubuntu 14.04 3.13.0-35.62 USN-2337-1
Ubuntu 14.04 ESM 3.13.0-35.62 USN-2337-1
CentOS 7 3.10.0-123.13.1.el7 CESA-2014:1971
CentOS 7 plus 3.10.0-123.13.1.el7.centos.plus CESA-2014:1971
Oracle Linux 7 3.10.0-123.13.1.el7 ELSA-2014-1971

KernelCare State

OS Original kernel version State
RHEL 7
3.10.0-123.8.1.el7 show all hide all
3.10.0-123.6.3.el7 3.10.0-123.4.2.el7 3.10.0-123.1.2.el7 3.10.0-123.9.2.el7 3.10.0-123.9.3.el7 3.10.0-123.el7 3.10.0-123.4.4.el7
Released
Ubuntu 14.04
Ready For Release
Ubuntu 14.04 ESM
Ready For Release
CentOS 7
3.10.0-123.1.2.el7 show all hide all
3.10.0-123.4.2.el7 3.10.0-123.6.3.el7 3.10.0-123.8.1.el7 3.10.0-123.9.2.el7 3.10.0-123.9.3.el7 3.10.0-123.el7 3.10.0-123.4.4.el7
Released
CentOS 7 plus
3.10.0-123.8.1.el7.centos.plus show all hide all
3.10.0-123.6.3.el7.centos.plus 3.10.0-123.4.4.el7.centos.plus 3.10.0-123.9.2.el7.centos.plus 3.10.0-123.9.3.el7.centos.plus 3.10.0-123.el7.centos.plus 3.10.0-123.1.2.el7.centos.plus 3.10.0-123.4.2.el7.centos.plus
Released
Oracle Linux 7
3.10.0-123.9.3.el7 show all hide all
3.10.0-123.el7 3.10.0-123.4.4.el7 3.10.0-123.6.3.el7 3.10.0-123.4.2.el7 3.10.0-123.8.1.el7 3.10.0-123.9.2.el7 3.10.0-123.1.2.el7
Released
CloudLinux OS 7
3.10.0-233.1.2.lve1.3.33.4.el7 show all hide all
3.10.0-223.1.2.lve1.3.22.el7 3.10.0-223.1.2.lve1.3.33.3.el7 3.10.0-223.1.2.lve1.3.33.el7 3.10.0-233.1.2.lve1.3.33.1.el7
Released
OEL 7 Dell
Ready For Release
Endurance 7 eig 3.10
Ready For Release
Debian 10 cloud
Will Not Fix
Debian 9 backports
Will Not Fix