Unrated severityNVD Advisory· Published May 11, 2014· Updated May 6, 2026

CVE-2014-1737

Description

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.

Affected products

Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: <3.2.59
Oracle Corporation/Linux2 versions
cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
Red Hat/Enterprise Linux Eus2 versions
cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Desktop
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
SUSE S.A./Linux Enterprise High Availability Extension
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Real Time Extension
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Server2 versions
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000