CVE-2014-2038 (Low) detected in linuxv3.10 #191
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2014-2038 - Low Severity Vulnerability
Linux kernel source tree
Library home page: https://github.com/torvalds/linux.git
Found in HEAD commit: 439d18b77a020411b95770ba08a9229eed466cde
Found in base branch: xsentinel-1.6-clean
The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file.
Publish Date: 2014-02-28
URL: CVE-2014-2038
Base Score Metrics not available
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-2038
Release Date: 2014-02-28
Fix Resolution: 3.13.3
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: