Vulnerabilities

CVE-2014-1739

by Fred · 23/06/2014

The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.

Date published : 2014-06-23

http://www.securityfocus.com/bid/68048

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e6a623460e5fc960ac3ee9f946d3106233fd28d8

Related

Tags: Cybersecurity Alert