CVE-2014-2038 (Low) detected in linuxv3.10
mend-bolt-for-github opened this issue · comments
CVE-2014-2038 - Low Severity Vulnerability
Vulnerable Library - linuxv3.10
Linux kernel source tree
Library home page: https://github.com/torvalds/linux.git
Found in HEAD commit: adc86a86e0ac98007fd3af905bc71e9f29c1502c
Found in base branch: xsentinel-1.7-experimental
Vulnerability Details
The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file.
Publish Date: 2014-02-28
URL: CVE-2014-2038
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-2038
Release Date: 2014-02-28
Fix Resolution: 3.13.3
Step up your Open Source Security Game with WhiteSource here