CVE-2014-9114 — HIGH (7.8) — White Hats Nepal

Q: What is CVE-2014-9114?

CVE-2014-9114 is a vulnerability with a CVSS score of 7.8 (HIGH). Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

Q: How severe is CVE-2014-9114?

CVE-2014-9114 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-9114?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Opensuse, Fedoraproject Fedora, Kernel Util-Linux.

Vulnerability Description

Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Opensuse	Opensuse	13.1
Fedoraproject	Fedora	20
Kernel	Util-Linux	<= 2.24.2-1

Related Weaknesses (CWE)

CWE-77

References

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.hThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.hThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.htmlThird Party Advisory
http://www.openwall.com/lists/oss-security/2014/11/26/21Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/71327Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1168485Issue TrackingPatchThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/98993
https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3PatchThird Party Advisory
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e3
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8
https://security.gentoo.org/glsa/201612-14Third Party AdvisoryVDB Entry
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.hThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.hThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.htmlThird Party Advisory
http://www.openwall.com/lists/oss-security/2014/11/26/21Mailing ListPatchThird Party Advisory

FAQ

What is CVE-2014-9114?

CVE-2014-9114 is a vulnerability with a CVSS score of 7.8 (HIGH). Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

How severe is CVE-2014-9114?

CVE-2014-9114 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-9114?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Opensuse, Fedoraproject Fedora, Kernel Util-Linux.