Main Vulnerability Database Vulnerabilities #VU40223

Information disclosure in Linux kernel - CVE-2014-9903

Published: June 27, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40223

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2014-9903

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local authenticated user to gain access to sensitive information.

The sched_read_attr function in kernel/sched/core.c in the Linux kernel 3.14-rc before 3.14-rc4 uses an incorrect size, which allows local users to obtain sensitive information from kernel stack memory via a crafted sched_getattr system call.

How to mitigate CVE-2014-9903

Install update from vendor's website.

Sources

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4efbc454ba68def5ef285b26ebfcfdb605b52755
http://www.securityfocus.com/bid/91511
https://github.com/torvalds/linux/commit/4efbc454ba68def5ef285b26ebfcfdb605b52755

Information disclosure in Linux kernel - CVE-2014-9903

Detailed vulnerability description

How to mitigate CVE-2014-9903

Sources

Please verify you're human