** Description changed: - A flaw was found in the way cifs handled iovecs with bogus pointers - userland passed down via writev() during uncached writes. An - unprivileged local user with access to cifs share could use this flaw to - crash the system or leak kernel memory. Privilege escalation cannot be - ruled out (since memory corruption is involved), but is unlikely. + The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel + through 3.13.5 does not properly handle uncached write operations that + copy fewer than the requested number of bytes, which allows local users + to obtain sensitive information from kernel memory, cause a denial of + service (memory corruption and system crash), or possibly gain + privileges via a writev system call with a crafted pointer. Break-Fix: - 5d81de8e8667da7135d3a32a964087c0faf5483f
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1285051 Title: CVE-2014-0069 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1285051/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
