CVE-2014-5206
First published: Wed Aug 13 2014(Updated: )
It was discovered that a privileged user in the user namespace with access to a bind mount can clear certain mount flags by calling "mount --bind -o remount,... ...". Proposed patches: <a href="https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=a6138db815df5ee542d848318e5dae681590fccd">https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=a6138db815df5ee542d848318e5dae681590fccd</a> <a href="https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=07b645589dcda8b7a5249e096fece2a67556f0f4">https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=07b645589dcda8b7a5249e096fece2a67556f0f4</a> <a href="https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=9566d6742852c527bf5af38af5cbb878dad75705">https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=9566d6742852c527bf5af38af5cbb878dad75705</a> <a href="https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=ffbc6f0ead47fa5a1dc9642b0331cb75c20a640e">https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=ffbc6f0ead47fa5a1dc9642b0331cb75c20a640e</a> <a href="https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=db181ce011e3c033328608299cd6fac06ea50130">https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=db181ce011e3c033328608299cd6fac06ea50130</a> References: <a href="http://seclists.org/oss-sec/2014/q3/357">http://seclists.org/oss-sec/2014/q3/357</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=3.8<3.10.55 | |
| Linux Kernel | >=3.11<3.12.27 | |
| Linux Kernel | >=3.13<3.14.19 | |
| Linux Kernel | >=3.15<3.16.3 | |
| Ubuntu Linux | =12.04 | |
| Ubuntu Linux | =14.04 | |
| Linux kernel | >=3.8<3.10.55 | |
| Linux kernel | >=3.11<3.12.27 | |
| Linux kernel | >=3.13<3.14.19 | |
| Linux kernel | >=3.15<3.16.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a6138db815df5ee542d848318e5dae681590fccd
- http://www.openwall.com/lists/oss-security/2014/08/13/4
- http://www.securityfocus.com/bid/69214
- http://www.ubuntu.com/usn/USN-2317-1
- http://www.ubuntu.com/usn/USN-2318-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1129662
- https://github.com/torvalds/linux/commit/a6138db815df5ee542d848318e5dae681590fccd
- https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=a6138db815df5ee542d848318e5dae681590fccd
- https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=07b645589dcda8b7a5249e096fece2a67556f0f4
- https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=9566d6742852c527bf5af38af5cbb878dad75705
- https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=ffbc6f0ead47fa5a1dc9642b0331cb75c20a640e
- https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=db181ce011e3c033328608299cd6fac06ea50130
- http://seclists.org/oss-sec/2014/q3/357
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1129669
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a6138db815df5ee542d848318e5dae681590fccd
Frequently Asked Questions
What is the severity of CVE-2014-5206?
CVE-2014-5206 has a high severity rating due to the potential for a privileged user to clear mount flags, impacting system security.
How do I fix CVE-2014-5206?
To fix CVE-2014-5206, you should apply the patches provided by the Linux kernel maintainers or update to a non-vulnerable version of the kernel.
Which versions of the Linux kernel are affected by CVE-2014-5206?
CVE-2014-5206 affects multiple Linux kernel versions between 3.8 and 3.16.3.
Who can be impacted by CVE-2014-5206?
CVE-2014-5206 can be exploited by a privileged user within the user namespace, potentially compromising system integrity.
Is CVE-2014-5206 specifically related to Ubuntu Linux distributions?
Yes, CVE-2014-5206 affects specific versions of Ubuntu Linux, including 12.04 and 14.04.
- agent/author
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/remedy
- agent/references
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-5206
- agent/trending
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- vendor/linux
- canonical/linux kernel
- version/linux kernel/3.8
- version/linux kernel/3.11
- version/linux kernel/3.13
- version/linux kernel/3.15
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/12.04
- version/ubuntu linux/14.04
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04