CVE 2014-0069
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.
Related bugs and status
CVE-2014-0069 (Candidate) is related to these bugs:
Bug #1283101: CIFS: sanity check length of data to send before sending
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1283101 | CIFS: sanity check length of data to send before sending | linux (Ubuntu) | Undecided | Fix Released | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux (Ubuntu Precise) | Undecided | Won't Fix | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux (Ubuntu Trusty) | Undecided | Fix Released | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux (Ubuntu Saucy) | Undecided | Won't Fix | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux (Ubuntu Lucid) | Undecided | Won't Fix | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux (Ubuntu Quantal) | Undecided | Won't Fix | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-ec2 (Ubuntu) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-ec2 (Ubuntu Lucid) | Undecided | Won't Fix | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-ec2 (Ubuntu Precise) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-ec2 (Ubuntu Quantal) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-ec2 (Ubuntu Saucy) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-ec2 (Ubuntu Trusty) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-ti-omap4 (Ubuntu) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-ti-omap4 (Ubuntu Lucid) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-ti-omap4 (Ubuntu Precise) | Undecided | Won't Fix | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-ti-omap4 (Ubuntu Quantal) | Undecided | Won't Fix | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-ti-omap4 (Ubuntu Saucy) | Undecided | Won't Fix | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-ti-omap4 (Ubuntu Trusty) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-lts-quantal (Ubuntu) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-lts-quantal (Ubuntu Lucid) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-lts-quantal (Ubuntu Precise) | Undecided | Won't Fix | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-lts-quantal (Ubuntu Quantal) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-lts-quantal (Ubuntu Saucy) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-lts-quantal (Ubuntu Trusty) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-lts-raring (Ubuntu) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-lts-raring (Ubuntu Lucid) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-lts-raring (Ubuntu Precise) | Undecided | Won't Fix | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-lts-raring (Ubuntu Quantal) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-lts-raring (Ubuntu Saucy) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-lts-raring (Ubuntu Trusty) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-lts-saucy (Ubuntu) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-lts-saucy (Ubuntu Lucid) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-lts-saucy (Ubuntu Precise) | Undecided | Won't Fix | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-lts-saucy (Ubuntu Quantal) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-lts-saucy (Ubuntu Saucy) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-lts-saucy (Ubuntu Trusty) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-armadaxp (Ubuntu) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-armadaxp (Ubuntu Lucid) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-armadaxp (Ubuntu Precise) | Undecided | Won't Fix | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-armadaxp (Ubuntu Quantal) | Undecided | Won't Fix | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-armadaxp (Ubuntu Saucy) | Undecided | Invalid | ||
| 1283101 | CIFS: sanity check length of data to send before sending | linux-armadaxp (Ubuntu Trusty) | Undecided | Invalid | ||
Bug #1285051: CVE-2014-0069
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1285051 | CVE-2014-0069 | linux (Ubuntu) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-fsl-imx51 (Ubuntu) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-mvl-dove (Ubuntu) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-lts-backport-maverick (Ubuntu) | Undecided | Won't Fix | ||
| 1285051 | CVE-2014-0069 | linux-lts-backport-natty (Ubuntu) | Undecided | Won't Fix | ||
| 1285051 | CVE-2014-0069 | linux-ti-omap4 (Ubuntu) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-ec2 (Ubuntu) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux (Ubuntu Trusty) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-ec2 (Ubuntu Trusty) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-fsl-imx51 (Ubuntu Trusty) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-lts-backport-maverick (Ubuntu Trusty) | Undecided | Won't Fix | ||
| 1285051 | CVE-2014-0069 | linux-lts-backport-natty (Ubuntu Trusty) | Undecided | Won't Fix | ||
| 1285051 | CVE-2014-0069 | linux-mvl-dove (Ubuntu Trusty) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-ti-omap4 (Ubuntu Trusty) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-lts-backport-maverick (Ubuntu Saucy) | Undecided | Won't Fix | ||
| 1285051 | CVE-2014-0069 | linux-lts-backport-natty (Ubuntu Saucy) | Undecided | Won't Fix | ||
| 1285051 | CVE-2014-0069 | linux-lts-backport-maverick (Ubuntu Quantal) | Undecided | Won't Fix | ||
| 1285051 | CVE-2014-0069 | linux-lts-backport-natty (Ubuntu Quantal) | Undecided | Won't Fix | ||
| 1285051 | CVE-2014-0069 | linux (Ubuntu Precise) | Medium | Fix Released | ||
| 1285051 | CVE-2014-0069 | linux-ec2 (Ubuntu Precise) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-fsl-imx51 (Ubuntu Precise) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-lts-backport-maverick (Ubuntu Precise) | Undecided | Won't Fix | ||
| 1285051 | CVE-2014-0069 | linux-lts-backport-natty (Ubuntu Precise) | Undecided | Won't Fix | ||
| 1285051 | CVE-2014-0069 | linux-mvl-dove (Ubuntu Precise) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-ti-omap4 (Ubuntu Precise) | Medium | Fix Released | ||
| 1285051 | CVE-2014-0069 | linux-lts-backport-maverick (Ubuntu Lucid) | Undecided | Won't Fix | ||
| 1285051 | CVE-2014-0069 | linux-lts-backport-natty (Ubuntu Lucid) | Undecided | Won't Fix | ||
| 1285051 | CVE-2014-0069 | linux-armadaxp (Ubuntu) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-armadaxp (Ubuntu Precise) | Medium | Fix Released | ||
| 1285051 | CVE-2014-0069 | linux-armadaxp (Ubuntu Trusty) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-lts-saucy (Ubuntu) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-lts-saucy (Ubuntu Precise) | Medium | Fix Released | ||
| 1285051 | CVE-2014-0069 | linux-lts-saucy (Ubuntu Trusty) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-lts-quantal (Ubuntu) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-lts-quantal (Ubuntu Precise) | Medium | Fix Released | ||
| 1285051 | CVE-2014-0069 | linux-lts-quantal (Ubuntu Trusty) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-lts-raring (Ubuntu) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-lts-raring (Ubuntu Precise) | Medium | Fix Released | ||
| 1285051 | CVE-2014-0069 | linux-lts-raring (Ubuntu Trusty) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-lts-backport-maverick (Ubuntu Utopic) | Undecided | Won't Fix | ||
| 1285051 | CVE-2014-0069 | linux-lts-backport-natty (Ubuntu Utopic) | Undecided | Won't Fix | ||
| 1285051 | CVE-2014-0069 | linux-lts-trusty (Ubuntu) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-lts-trusty (Ubuntu Precise) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-lts-trusty (Ubuntu Trusty) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux (Ubuntu Vivid) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-armadaxp (Ubuntu Vivid) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-ec2 (Ubuntu Vivid) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-fsl-imx51 (Ubuntu Vivid) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-lts-backport-maverick (Ubuntu Vivid) | Undecided | Won't Fix | ||
| 1285051 | CVE-2014-0069 | linux-lts-backport-natty (Ubuntu Vivid) | Undecided | Won't Fix | ||
| 1285051 | CVE-2014-0069 | linux-lts-quantal (Ubuntu Vivid) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-lts-raring (Ubuntu Vivid) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-lts-saucy (Ubuntu Vivid) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-lts-trusty (Ubuntu Vivid) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-mvl-dove (Ubuntu Vivid) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-ti-omap4 (Ubuntu Vivid) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-goldfish (Ubuntu) | Medium | New | ||
| 1285051 | CVE-2014-0069 | linux-goldfish (Ubuntu Precise) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-goldfish (Ubuntu Trusty) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-goldfish (Ubuntu Vivid) | Medium | Won't Fix | ||
| 1285051 | CVE-2014-0069 | linux-flo (Ubuntu) | Medium | New | ||
| 1285051 | CVE-2014-0069 | linux-flo (Ubuntu Precise) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-flo (Ubuntu Trusty) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-flo (Ubuntu Vivid) | Medium | Won't Fix | ||
| 1285051 | CVE-2014-0069 | linux-mako (Ubuntu) | Medium | New | ||
| 1285051 | CVE-2014-0069 | linux-mako (Ubuntu Precise) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-mako (Ubuntu Trusty) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-mako (Ubuntu Vivid) | Medium | New | ||
| 1285051 | CVE-2014-0069 | linux-lts-utopic (Ubuntu) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-lts-utopic (Ubuntu Precise) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-lts-utopic (Ubuntu Trusty) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-lts-utopic (Ubuntu Vivid) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-manta (Ubuntu) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-manta (Ubuntu Precise) | Medium | Invalid | ||
| 1285051 | CVE-2014-0069 | linux-manta (Ubuntu Trusty) | Medium | Invalid | ||
See the 
CVE page on Mitre.org
for more details.
