CVE-2014-1739
Published: 23 June 2014
The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.
From the Ubuntu Security Team
Salva Peiró discovered an information leak in the Linux kernel's media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory.
Notes
Author | Note |
---|---|
jdstrand |
android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels |
Priority
Status
Package | Release | Status |
---|---|---|
linux
Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
precise |
Released
(3.2.0-65.98)
|
|
saucy |
Released
(3.11.0-24.41)
|
|
trusty |
Released
(3.13.0-32.57)
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Not vulnerable
(3.15.0-2.6)
|
|
vivid |
Not vulnerable
(3.16.0-23.31)
|
|
wily |
Not vulnerable
(3.19.0-15.15)
|
|
xenial |
Not vulnerable
(4.2.0-16.19)
|
|
yakkety |
Not vulnerable
(4.4.0-21.37)
|
|
zesty |
Not vulnerable
(4.8.0-22.24)
|
|
Patches:
Introduced by
1651333b09743887bc2dd3d158a11853a2be3fe7
|
||
linux-2.6
Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-armadaxp
Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Released
(3.2.0-1635.50)
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
This package is not directly supported by the Ubuntu Security Team | ||
linux-aws
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Not vulnerable
(4.4.0-1002.2)
|
|
upstream |
Released
(3.15~rc6)
|
|
xenial |
Not vulnerable
(4.4.0-1001.10)
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-ec2
Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
precise |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-flo
Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Ignored
(end of life, was needed)
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Ignored
(abandoned)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Does not exist
|
|
linux-fsl-imx51
Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-gke
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
|
|
upstream |
Released
(3.15~rc6)
|
|
xenial |
Not vulnerable
(4.4.0-1003.3)
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-goldfish
Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
saucy |
Ignored
|
|
trusty |
Ignored
(end of life, was needed)
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Ignored
(abandoned)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|
|
linux-grouper
Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
saucy |
Ignored
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-hwe
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
|
|
upstream |
Released
(3.15~rc6)
|
|
xenial |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-hwe-edge
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
|
|
upstream |
Released
(3.15~rc6)
|
|
xenial |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-linaro-omap
Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Ignored
(end of life)
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-linaro-shared
Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Ignored
(end of life)
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-linaro-vexpress
Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Ignored
(end of life)
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-lts-quantal
Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Released
(3.5.0-54.81~precise1)
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-lts-raring
Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Released
(3.8.0-44.66~precise1)
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-lts-saucy
Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Released
(3.11.0-24.41~precise1)
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-lts-trusty
Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Released
(3.13.0-32.57~precise1)
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-lts-utopic
Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was not-affected [3.16.0-25.33~14.04.2])
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-lts-vivid
Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was not-affected [3.19.0-18.18~14.04.1])
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-lts-wily
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
(trusty was not-affected [4.2.0-18.22~14.04.1])
|
|
upstream |
Released
(3.15~rc6)
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-lts-xenial
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Not vulnerable
(4.4.0-13.29~14.04.1)
|
|
upstream |
Released
(3.15~rc6)
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-maguro
Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
saucy |
Ignored
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-mako
Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
saucy |
Ignored
|
|
trusty |
Ignored
(end of life, was needed)
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Ignored
(abandoned)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Does not exist
|
|
linux-manta
Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
saucy |
Ignored
|
|
trusty |
Ignored
(end of life, was needed)
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-mvl-dove
Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-qcm-msm
Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Ignored
(end of life)
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
linux-raspi2
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
|
|
upstream |
Released
(3.15~rc6)
|
|
vivid |
Does not exist
|
|
wily |
Not vulnerable
(4.2.0-1008.12)
|
|
xenial |
Not vulnerable
(4.2.0-1013.19)
|
|
yakkety |
Not vulnerable
(4.4.0-1009.10)
|
|
zesty |
Not vulnerable
(4.8.0-1013.15)
|
|
linux-snapdragon
Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
|
|
upstream |
Released
(3.15~rc6)
|
|
wily |
Does not exist
|
|
xenial |
Not vulnerable
(4.4.0-1012.12)
|
|
yakkety |
Not vulnerable
(4.4.0-1012.12)
|
|
zesty |
Not vulnerable
(4.4.0-1029.32)
|
|
linux-ti-omap4
Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Released
(3.2.0-1450.69)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.15~rc6)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
References
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6a623460e5fc960ac3ee9f946d3106233fd28d8
- https://ubuntu.com/security/notices/USN-2259-1
- https://ubuntu.com/security/notices/USN-2261-1
- https://ubuntu.com/security/notices/USN-2263-1
- https://ubuntu.com/security/notices/USN-2264-1
- https://ubuntu.com/security/notices/USN-2285-1
- https://ubuntu.com/security/notices/USN-2286-1
- https://ubuntu.com/security/notices/USN-2288-1
- https://ubuntu.com/security/notices/USN-2290-1
- https://www.cve.org/CVERecord?id=CVE-2014-1739
- NVD
- Launchpad
- Debian