Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 15 Jun 2014 07:50:54 +0200
From: Salva Peiró <>
To: OSS Security List <>
Subject: CVE-2014-1739: Kernel Infoleak vulnerability in,media_enum_entities()


We found an infoleak vulnerability in the ioctl media_enum_entities()
that allows to disclose 200 bytes the kernel process' stack.
The vulnerability is exploitable on versions up to linux-3.15-rc3 by
local users with read access to `/dev/media0`.
Linux distributions ship with `chmod 600 /dev/media0` preventing
unprivileged local users from exploiting the vulnerability.
However, some Android devices are known to be shipped with both read
and/or write permissions for all: chmod 666 /dev/media0.

A detailed analysis, proof of concept and fixes are at:

This has been fixed in Linux Kernel commit:

Author	Salva Peiró <>
Date    Thu, 1 May 2014 12:53:28 +0000
Commit [media] media-device: fix infoleak in ioctl media_enum_entities()

    This fixes CVE-2014-1739.

    Signed-off-by: Salva Peiró <>
    Acked-by: Laurent Pinchart <>
    Signed-off-by: Mauro Carvalho Chehab <>

Salva Peiró

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ