CVE-2014-5045

Published: Aug 1, 2014Modified: May 6, 2026

6.2

Vector

AV:L/AC:H/Au:N/C:C/I:C/A:C

Exploitability: 1.9 / Impact: 10.0

Source: NVD

Description

The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.

Affected (4)

Products: Linux: Linux Kernel · Redhat: Enterprise Linux Eus, Enterprise Linux Server Aus, Enterprise Linux Server Tus

1 product

3 products

Enterprise Linux Eus

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 3.15.8

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Eus	Version 6.5
Redhat Enterprise Linux Server Aus	Version 6.5
Redhat Enterprise Linux Server Tus	Version 6.5

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (16)

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=295dc39d941dc2ae53d5c170365af4c9d5c16212

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2015-0062.html

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/60353

Source: cve@mitre.org

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8

Source: cve@mitre.org

PatchThird Party AdvisoryVendor Advisory

http://www.openwall.com/lists/oss-security/2014/07/24/2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/68862

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1122472

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://github.com/torvalds/linux/commit/295dc39d941dc2ae53d5c170365af4c9d5c16212

Source: cve@mitre.org

ExploitPatchThird Party Advisory

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=295dc39d941dc2ae53d5c170365af4c9d5c16212

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-0062.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/60353

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryVendor Advisory

http://www.openwall.com/lists/oss-security/2014/07/24/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/68862

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1122472

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://github.com/torvalds/linux/commit/295dc39d941dc2ae53d5c170365af4c9d5c16212

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.