Design/Logic Flaw

2014-08-1811:15:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.4%

JSON

The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a “mount -o remount” command within a user namespace.

CPENameOperatorVersion
ubuntu_linuxeq12.04
ubuntu_linuxeq14.04
linux_kernelge3.13
linux_kernellt3.14.19
linux_kernelge3.15
linux_kernellt3.16.3
linux_kernelge3.11
linux_kernellt3.12.27
linux_kernelge3.8
linux_kernellt3.10.55

Name	Operator	Version
ubuntu_linux	eq	12.04
ubuntu_linux	eq	14.04
linux_kernel	ge	3.13
linux_kernel	lt	3.14.19
linux_kernel	ge	3.15
linux_kernel	lt	3.16.3
linux_kernel	ge	3.11
linux_kernel	lt	3.12.27
linux_kernel	ge	3.8
linux_kernel	lt	3.10.55