6.2 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
25.2%
fs/namespace.c in the Linux kernel through 3.16.1 does not properly
restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing
MNT_ATIME_MASK during a remount of a bind mount, which allows local users
to gain privileges, interfere with backups and auditing on systems that had
atime enabled, or cause a denial of service (excessive filesystem updating)
on systems that had atime disabled via a “mount -o remount” command within
a user namespace.
Author | Note |
---|---|
jdstrand | android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels |
seth-arnold | this fix was assigned to CVE-2014-5206: db181ce011e3c033328608299cd6fac06ea50130 |
jdstrand | linux-lts-saucy no longer receives official support |
www.openwall.com/lists/oss-security/2014/08/12/6
www.openwall.com/lists/oss-security/2014/08/13/4
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5207
launchpad.net/bugs/cve/CVE-2014-5207
nvd.nist.gov/vuln/detail/CVE-2014-5207
security-tracker.debian.org/tracker/CVE-2014-5207
ubuntu.com/security/notices/USN-2317-1
ubuntu.com/security/notices/USN-2318-1