CVE-2014-4027

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.

Published: 2014-06-23 Last update: 2026-05-06 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2014-4027 is rated Low Risk (19.1/100): CVSS Low severity, with low exploitation likelihood (EPSS 0.13%). Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2014-4027

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-03-30 0.62% 0.13% -0.48%
2 2025-03-29 0.13% 0.62% +0.48%
3 2025-03-17 0.13%

Full EPSS history (5 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2014-4027

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
2.3 2.0 LOW
AV:A/AC:M/Au:S/C:P/I:N/A:N Click to expand
Access vector (AV:A)
Requires access to an adjacent network segment.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:S)
A single authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:N)
No availability impact.
 4.4 2.9 [email protected]

Weakness enumeration for CVE-2014-4027

OS Trackers for CVE-2014-4027

vendor priority summary link
debian not yet assigned CVE-2014-4027 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2014-4027
redhat low https://access.redhat.com/security/cve/CVE-2014-4027
ubuntu medium CVE-2014-4027 medium priority: Ubuntu including 31 source packages (linux, linux-2.6, …), 306 status rows across 11 suites (lucid, precise, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): DNE 215, released 37, ignored 33, not-affected 21. https://ubuntu.com/security/CVE-2014-4027

Affected software / configurations for CVE-2014-4027

Vendor Product Version Raw CPE
linux linux_kernel < 3.14 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
redhat enterprise_linux 6.0 cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
canonical ubuntu_linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
suse linux_enterprise_desktop 11 cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
suse linux_enterprise_high_availability_extension 11 cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*
suse linux_enterprise_real_time_extension 11 cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*
suse linux_enterprise_server 11 cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
suse linux_enterprise_server 11 cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
f5 big-ip_access_policy_manager >= 11.1.0, <= 11.6.0 cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
f5 big-ip_access_policy_manager 12.0.0 cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*
f5 big-ip_advanced_firewall_manager >= 11.3.0, <= 11.6.0 cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
f5 big-ip_advanced_firewall_manager 12.0.0 cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*
f5 big-ip_analytics >= 11.1.0, <= 11.6.0 cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
f5 big-ip_analytics 12.0.0 cpe:2.3:a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:*
f5 big-ip_application_acceleration_manager >= 11.4.0, <= 11.6.0 cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
f5 big-ip_application_acceleration_manager 12.0.0 cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*
f5 big-ip_application_security_manager >= 11.1.0, <= 11.6.0 cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
f5 big-ip_application_security_manager 12.0.0 cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*
f5 big-ip_domain_name_system 12.0.0 cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*
f5 big-ip_edge_gateway >= 11.1.0, <= 11.3.0 cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
f5 big-ip_global_traffic_manager >= 11.1.0, <= 11.6.0 cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
f5 big-ip_link_controller >= 11.1.0, <= 11.6.0 cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
f5 big-ip_link_controller 12.0.0 cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*
f5 big-ip_local_traffic_manager >= 11.1.0, <= 11.6.0 cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
f5 big-ip_local_traffic_manager 12.0.0 cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*
f5 big-ip_policy_enforcement_manager >= 11.3.0, <= 11.6.0 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
f5 big-ip_policy_enforcement_manager 12.0.0 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*
f5 big-ip_protocol_security_module >= 11.1.0, <= 11.4.1 cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*
f5 big-ip_wan_optimization_manager >= 11.1.0, <= 11.3.0 cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*
f5 big-ip_webaccelerator >= 11.1.0, <= 11.3.0 cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
f5 big-iq_application_delivery_controller 4.5.0 cpe:2.3:a:f5:big-iq_application_delivery_controller:4.5.0:*:*:*:*:*:*:*
f5 big-iq_cloud >= 4.0.0, <= 4.5.0 cpe:2.3:a:f5:big-iq_cloud:*:*:*:*:*:*:*:*
f5 big-iq_device >= 4.2.0, <= 4.5.0 cpe:2.3:a:f5:big-iq_device:*:*:*:*:*:*:*:*
f5 big-iq_security >= 4.0.0, <= 4.5.0 cpe:2.3:a:f5:big-iq_security:*:*:*:*:*:*:*:*
f5 enterprise_manager >= 3.0.0, <= 3.1.1 cpe:2.3:a:f5:enterprise_manager:*:*:*:*:*:*:*:*

References for CVE-2014-4027

URL Tags
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html Mailing List Third Party Advisory
http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618 Broken Link
http://secunia.com/advisories/59134 Broken Link
http://secunia.com/advisories/59777 Broken Link
http://secunia.com/advisories/60564 Broken Link
http://secunia.com/advisories/61310 Broken Link
http://www.openwall.com/lists/oss-security/2014/06/11/1 Mailing List Patch Third Party Advisory
http://www.ubuntu.com/usn/USN-2334-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2335-1 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1108744 Issue Tracking Patch Third Party Advisory
https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc Patch Third Party Advisory
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html Third Party Advisory
cvelogic Threat Intelligence