CVE-2014-5207

Published: Aug 18, 2014Modified: May 6, 2026

6.2

Vector

AV:L/AC:H/Au:N/C:C/I:C/A:C

Exploitability: 1.9 / Impact: 10.0

Source: NVD

Description

fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace.

Affected (3)

Products: Linux: Linux Kernel · Canonical: Ubuntu Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 3.16.1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (24)

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9566d6742852c527bf5af38af5cbb878dad75705

Source: cve@mitre.org

http://osvdb.org/show/osvdb/110055

Source: cve@mitre.org

Broken Link

http://packetstormsecurity.com/files/128595/Linux-Kernel-3.16.1-FUSE-Privilege-Escalation.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/oss-sec/2014/q3/352

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.exploit-db.com/exploits/34923

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2014/08/13/4

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/69216

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2317-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2318-1

Source: cve@mitre.org

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1129662

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/95266

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://github.com/torvalds/linux/commit/9566d6742852c527bf5af38af5cbb878dad75705

Source: cve@mitre.org

PatchThird Party Advisory

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9566d6742852c527bf5af38af5cbb878dad75705

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/show/osvdb/110055

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://packetstormsecurity.com/files/128595/Linux-Kernel-3.16.1-FUSE-Privilege-Escalation.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/oss-sec/2014/q3/352

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.exploit-db.com/exploits/34923

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2014/08/13/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/69216

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2317-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.ubuntu.com/usn/USN-2318-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1129662

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/95266

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://github.com/torvalds/linux/commit/9566d6742852c527bf5af38af5cbb878dad75705

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.