Lucene search

[email protected]CVE-2014-8989

HistoryNov 30, 2014 - 1:59 a.m.

CVE-2014-8989

2014-11-3001:59:07

CWE-264

[email protected]

web.nvd.nist.gov

linux kernel

bypass file permissions

negative groups issue

cve-2014-8989

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a “negative groups” issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c.

Affected configurations

NVD

Node

linuxlinux_kernelRange≤3.17.3

linuxlinux_kernelMatch3.0rc1

linuxlinux_kernelMatch3.0rc2

linuxlinux_kernelMatch3.0rc3

linuxlinux_kernelMatch3.0rc4

linuxlinux_kernelMatch3.0rc5

linuxlinux_kernelMatch3.0rc6

linuxlinux_kernelMatch3.0rc7

linuxlinux_kernelMatch3.0.1

linuxlinux_kernelMatch3.0.2

linuxlinux_kernelMatch3.0.3

linuxlinux_kernelMatch3.0.4

linuxlinux_kernelMatch3.0.5

linuxlinux_kernelMatch3.0.6

linuxlinux_kernelMatch3.0.7

linuxlinux_kernelMatch3.0.8

linuxlinux_kernelMatch3.0.9

linuxlinux_kernelMatch3.0.10

linuxlinux_kernelMatch3.0.11

linuxlinux_kernelMatch3.0.12

linuxlinux_kernelMatch3.0.13

linuxlinux_kernelMatch3.0.14

linuxlinux_kernelMatch3.0.15

linuxlinux_kernelMatch3.0.16

linuxlinux_kernelMatch3.0.17

linuxlinux_kernelMatch3.0.18

linuxlinux_kernelMatch3.0.19

linuxlinux_kernelMatch3.0.20

linuxlinux_kernelMatch3.0.21

linuxlinux_kernelMatch3.0.22

linuxlinux_kernelMatch3.0.23

linuxlinux_kernelMatch3.0.24

linuxlinux_kernelMatch3.0.25

linuxlinux_kernelMatch3.0.26

linuxlinux_kernelMatch3.0.27

linuxlinux_kernelMatch3.0.28

linuxlinux_kernelMatch3.0.29

linuxlinux_kernelMatch3.0.30

linuxlinux_kernelMatch3.0.31

linuxlinux_kernelMatch3.0.32

linuxlinux_kernelMatch3.0.33

linuxlinux_kernelMatch3.0.34

linuxlinux_kernelMatch3.0.35

linuxlinux_kernelMatch3.0.36

linuxlinux_kernelMatch3.0.37

linuxlinux_kernelMatch3.0.38

linuxlinux_kernelMatch3.0.39

linuxlinux_kernelMatch3.0.40

linuxlinux_kernelMatch3.0.41

linuxlinux_kernelMatch3.0.42

linuxlinux_kernelMatch3.0.43

linuxlinux_kernelMatch3.0.44

linuxlinux_kernelMatch3.0.45

linuxlinux_kernelMatch3.0.46

linuxlinux_kernelMatch3.0.47

linuxlinux_kernelMatch3.0.48

linuxlinux_kernelMatch3.0.49

linuxlinux_kernelMatch3.0.50

linuxlinux_kernelMatch3.0.51

linuxlinux_kernelMatch3.0.52

linuxlinux_kernelMatch3.0.53

linuxlinux_kernelMatch3.0.54

linuxlinux_kernelMatch3.0.55

linuxlinux_kernelMatch3.0.56

linuxlinux_kernelMatch3.0.57

linuxlinux_kernelMatch3.0.58

linuxlinux_kernelMatch3.0.59

linuxlinux_kernelMatch3.0.60

linuxlinux_kernelMatch3.0.61

linuxlinux_kernelMatch3.0.62

linuxlinux_kernelMatch3.0.63

linuxlinux_kernelMatch3.0.64

linuxlinux_kernelMatch3.0.65

linuxlinux_kernelMatch3.0.66

linuxlinux_kernelMatch3.0.67

linuxlinux_kernelMatch3.0.68

linuxlinux_kernelMatch3.1

linuxlinux_kernelMatch3.1rc1

linuxlinux_kernelMatch3.1rc2

linuxlinux_kernelMatch3.1rc3

linuxlinux_kernelMatch3.1rc4

linuxlinux_kernelMatch3.1.1

linuxlinux_kernelMatch3.1.2

linuxlinux_kernelMatch3.1.3

linuxlinux_kernelMatch3.1.4

linuxlinux_kernelMatch3.1.5

linuxlinux_kernelMatch3.1.6

linuxlinux_kernelMatch3.1.7

linuxlinux_kernelMatch3.1.8

linuxlinux_kernelMatch3.1.9

linuxlinux_kernelMatch3.1.10

linuxlinux_kernelMatch3.2

linuxlinux_kernelMatch3.2x86

linuxlinux_kernelMatch3.2rc2

linuxlinux_kernelMatch3.2rc3

linuxlinux_kernelMatch3.10

linuxlinux_kernelMatch3.10.0arm64

linuxlinux_kernelMatch3.10.1

linuxlinux_kernelMatch3.10.1arm64

linuxlinux_kernelMatch3.10.2

linuxlinux_kernelMatch3.10.2arm64

linuxlinux_kernelMatch3.10.3

linuxlinux_kernelMatch3.10.3arm64

linuxlinux_kernelMatch3.10.4

linuxlinux_kernelMatch3.10.4arm64

linuxlinux_kernelMatch3.10.5

linuxlinux_kernelMatch3.10.5arm64

linuxlinux_kernelMatch3.10.6

linuxlinux_kernelMatch3.10.6arm64

linuxlinux_kernelMatch3.10.7

linuxlinux_kernelMatch3.10.7arm64

linuxlinux_kernelMatch3.10.8

linuxlinux_kernelMatch3.10.8arm64

linuxlinux_kernelMatch3.10.9

linuxlinux_kernelMatch3.10.9arm64

linuxlinux_kernelMatch3.10.10

linuxlinux_kernelMatch3.10.11

linuxlinux_kernelMatch3.10.12

linuxlinux_kernelMatch3.10.13

linuxlinux_kernelMatch3.10.14

linuxlinux_kernelMatch3.10.15

linuxlinux_kernelMatch3.10.16

linuxlinux_kernelMatch3.10.17

linuxlinux_kernelMatch3.10.18

linuxlinux_kernelMatch3.10.19

linuxlinux_kernelMatch3.10.20

linuxlinux_kernelMatch3.10.21

linuxlinux_kernelMatch3.10.22

linuxlinux_kernelMatch3.10.23

linuxlinux_kernelMatch3.10.24

linuxlinux_kernelMatch3.10.25

linuxlinux_kernelMatch3.10.26

linuxlinux_kernelMatch3.10.27

linuxlinux_kernelMatch3.10.28

linuxlinux_kernelMatch3.10.29

linuxlinux_kernelMatch3.11

linuxlinux_kernelMatch3.11.1

linuxlinux_kernelMatch3.11.2

linuxlinux_kernelMatch3.11.3

linuxlinux_kernelMatch3.11.4

linuxlinux_kernelMatch3.11.5

linuxlinux_kernelMatch3.11.6

linuxlinux_kernelMatch3.11.7

linuxlinux_kernelMatch3.11.8

linuxlinux_kernelMatch3.11.9

linuxlinux_kernelMatch3.11.10

linuxlinux_kernelMatch3.12

linuxlinux_kernelMatch3.12.1

linuxlinux_kernelMatch3.12.2

linuxlinux_kernelMatch3.12.3

linuxlinux_kernelMatch3.12.4

linuxlinux_kernelMatch3.12.5

linuxlinux_kernelMatch3.12.6

linuxlinux_kernelMatch3.12.7

linuxlinux_kernelMatch3.12.8

linuxlinux_kernelMatch3.12.9

linuxlinux_kernelMatch3.12.10

linuxlinux_kernelMatch3.12.11

linuxlinux_kernelMatch3.12.12

linuxlinux_kernelMatch3.12.13

linuxlinux_kernelMatch3.12.14

linuxlinux_kernelMatch3.12.15

linuxlinux_kernelMatch3.12.16

linuxlinux_kernelMatch3.12.17

linuxlinux_kernelMatch3.13

linuxlinux_kernelMatch3.13.1

linuxlinux_kernelMatch3.13.2

linuxlinux_kernelMatch3.13.3

linuxlinux_kernelMatch3.13.4

linuxlinux_kernelMatch3.13.5

linuxlinux_kernelMatch3.13.6

linuxlinux_kernelMatch3.13.7

linuxlinux_kernelMatch3.13.8

linuxlinux_kernelMatch3.13.9

linuxlinux_kernelMatch3.13.10

linuxlinux_kernelMatch3.13.11

linuxlinux_kernelMatch3.14-

linuxlinux_kernelMatch3.14rc1

linuxlinux_kernelMatch3.14rc2

linuxlinux_kernelMatch3.14rc3

linuxlinux_kernelMatch3.14rc4

linuxlinux_kernelMatch3.14rc5

linuxlinux_kernelMatch3.14rc6

linuxlinux_kernelMatch3.14rc7

linuxlinux_kernelMatch3.14rc8

linuxlinux_kernelMatch3.14.1

linuxlinux_kernelMatch3.14.2

linuxlinux_kernelMatch3.14.3

linuxlinux_kernelMatch3.14.4

linuxlinux_kernelMatch3.14.5

linuxlinux_kernelMatch3.15

linuxlinux_kernelMatch3.15.1

linuxlinux_kernelMatch3.15.2

linuxlinux_kernelMatch3.15.3

linuxlinux_kernelMatch3.15.4

linuxlinux_kernelMatch3.15.5

linuxlinux_kernelMatch3.15.6

linuxlinux_kernelMatch3.15.7

linuxlinux_kernelMatch3.15.8

linuxlinux_kernelMatch3.16.0

linuxlinux_kernelMatch3.16.1

linuxlinux_kernelMatch3.17

linuxlinux_kernelMatch3.17.1

linuxlinux_kernelMatch3.17.2

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle3.17.3
linux:linux_kernellinux linux kerneleq3.0
linux:linux_kernellinux linux kerneleq3.0.1
linux:linux_kernellinux linux kerneleq3.0.2
linux:linux_kernellinux linux kerneleq3.0.3
linux:linux_kernellinux linux kerneleq3.0.4
linux:linux_kernellinux linux kerneleq3.0.5
linux:linux_kernellinux linux kerneleq3.0.6
linux:linux_kernellinux linux kerneleq3.0.7
linux:linux_kernellinux linux kerneleq3.0.8

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	3.17.3
linux:linux_kernel	linux linux kernel	eq	3.0
linux:linux_kernel	linux linux kernel	eq	3.0.1
linux:linux_kernel	linux linux kernel	eq	3.0.2
linux:linux_kernel	linux linux kernel	eq	3.0.3
linux:linux_kernel	linux linux kernel	eq	3.0.4
linux:linux_kernel	linux linux kernel	eq	3.0.5
linux:linux_kernel	linux linux kernel	eq	3.0.6
linux:linux_kernel	linux linux kernel	eq	3.0.7
linux:linux_kernel	linux linux kernel	eq	3.0.8