** Changed in: linux-lts-quantal (Ubuntu Precise)
Status: New => Fix Committed
** Changed in: linux (Ubuntu Utopic)
Status: New => Invalid
** Description changed:
- Jorge Daniel Sequeira Matias discovered an information leak in the
- rd_mcp backend of the iSCSI target subsystem in the Linux kernel
- (originally reported to the Debian Security Team and investigated by
- Nicholas A. Bellinger).
+ The rd_build_device_space function in drivers/target/target_core_rd.c in
+ the Linux kernel before 3.14 does not properly initialize a certain data
+ structure, which allows local users to obtain sensitive information from
+ ramdisk_mcp memory by leveraging access to a SCSI initiator.
Break-Fix: - 4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1333612
Title:
CVE-2014-4027
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1333612/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
