Key Vulnerability Information

Bug ID: 1064253
CVE ID: CVE-2014-0069
Title: kernel: cifs: incorrect handling of bogus user pointers during uncached writes
Status: CLOSED ERRATA
Product: Security Response
Component: vulnerability
Priority: medium
Severity: medium
Reported Date: 2014-02-12 10:02 UTC
Modified Date: 2023-05-12 02:20 UTC
Last Closed: 2014-04-28 17:38:47 UTC

Vulnerability Description

Vulnerability: A flaw was found in the way cifs handled iovecs with bogus pointers that userland passed down via writev() during uncached writes.

Impact: An unprivileged local user could use this flaw to crash the system or leak kernel memory. Privilege escalation is possible but unlikely.

Mitigation: The default cache settings for cifs mounts on Red Hat Enterprise Linux prohibit successful exploitation of this issue.

Patches and Updates

Patches: Reported to the linux-cifs mailing list.
- Patch 1
- Patch 2

Fedora Updates:
- kernel-3.12.11-201.fc19 pushed to Fedora 19 stable repository.
- kernel-3.13.3-201.fc20 pushed to Fedora 20 stable repository.

Affected Products:
- Red Hat Enterprise Linux 6 (RHSA-2014:0328)
- MRG for RHEL-6 v.2 (RHSA-2014:0439)

Other Information

Acknowledgements: Red Hat thanks Al Viro for reporting this issue.

Statement: The issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5.