CVE-2014-9717

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 02-05-2016 12:59

Last modified: - 21-09-2022 08:44

Total changes: - 2

Description

fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace.

Common Vulnerability Scoring System (CVSS)

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Low

Attack complexity

Local

Attack vector

None

Availability

Low

Confidentiality

High

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

6.1

Base score

1.8

4.2

Exploitability score

Impact score

Verification logic

Reference

[linux-kernel] 20141007 [PATCH] mnt: don't allow to detach the namespace root-
https://bugzilla.redhat.com/show_bug.cgi?id=1226751
https://github.com/torvalds/linux/commit/ce07d891a0891d3c0d0c2d73d577490486b809e1
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1
[oss-security] 20150417 USERNS allows circumventing MNT_LOCKED-
[containers] 20150402 [PATCH review 0/19] Locked mount and loopback mount fixes-
74226-
SUSE-SU-2016:1696-
SUSE-SU-2016:1690-
SUSE-SU-2016:1937-

Keywords

CVE-2014-9717

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2014-9717

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures