CVE-2014-1739
Published: 23 June 2014
The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.
From the Ubuntu security team
Salva Peiró discovered an information leak in the Linux kernel's media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.2.0-16.19)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(3.13.0-32.57)
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Released
(3.2.0-65.98)
|
|
|
Patches: Introduced by 1651333b09743887bc2dd3d158a11853a2be3fe7 Fixed by e6a623460e5fc960ac3ee9f946d3106233fd28d8 |
||
|
linux-2.6 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-armadaxp Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
(precise was released [3.2.0-1635.50])
|
|
| This package is not directly supported by the Ubuntu Security Team | ||
|
linux-aws Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1001.10)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(4.4.0-1002.2)
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-flo Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(abandoned)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [was needed now end-of-life])
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-gke Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1003.3)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(abandoned)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [was needed now end-of-life])
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-grouper Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [abandoned])
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-linaro-omap Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
(precise was ignored [abandoned])
|
|
|
linux-linaro-shared Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
(precise was ignored [abandoned])
|
|
|
linux-linaro-vexpress Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
(precise was ignored [abandoned])
|
|
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
(precise was released [3.5.0-54.81~precise1])
|
|
|
Patches: DNE |
||
|
linux-lts-raring Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
(precise was released [3.8.0-44.66~precise1])
|
|
|
linux-lts-saucy Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
(precise was released [3.11.0-24.41~precise1])
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Released
(3.13.0-32.57~precise1)
|
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [3.16.0-25.33~14.04.2])
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [3.19.0-18.18~14.04.1])
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [4.2.0-18.22~14.04.1])
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(4.4.0-13.29~14.04.1)
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-maguro Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [abandoned])
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-mako Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(abandoned)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [was needed now end-of-life])
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-manta Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [was needed now end-of-life])
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-qcm-msm Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
(precise was ignored [abandoned])
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.2.0-1013.19)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1012.12)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.15~rc6)
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
(precise was released [3.2.0-1450.69])
|
|
Notes
| Author | Note |
|---|---|
| jdstrand | android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6a623460e5fc960ac3ee9f946d3106233fd28d8
- https://usn.ubuntu.com/usn/usn-2259-1
- https://usn.ubuntu.com/usn/usn-2261-1
- https://usn.ubuntu.com/usn/usn-2263-1
- https://usn.ubuntu.com/usn/usn-2264-1
- https://usn.ubuntu.com/usn/usn-2285-1
- https://usn.ubuntu.com/usn/usn-2286-1
- https://usn.ubuntu.com/usn/usn-2288-1
- https://usn.ubuntu.com/usn/usn-2290-1
- NVD
- Launchpad
- Debian