Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-5207
HistoryAug 13, 2014 - 12:00 a.m.

CVE-2014-5207

2014-08-1300:00:00
ubuntu.com
ubuntu.com
14

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.2%

fs/namespace.c in the Linux kernel through 3.16.1 does not properly
restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing
MNT_ATIME_MASK during a remount of a bind mount, which allows local users
to gain privileges, interfere with backups and auditing on systems that had
atime enabled, or cause a denial of service (excessive filesystem updating)
on systems that had atime disabled via a “mount -o remount” command within
a user namespace.

Bugs

Notes

Author Note
jdstrand android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels
seth-arnold this fix was assigned to CVE-2014-5206: db181ce011e3c033328608299cd6fac06ea50130
jdstrand linux-lts-saucy no longer receives official support
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchlinux< 3.13.0-34.60UNKNOWN
ubuntu12.04noarchlinux-lts-trusty< 3.13.0-34.60~precise1UNKNOWN

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.2%