PT-2014-6345 · Linux+3 · Linux Kernel+3

Kenton Varda

Published

2014-08-13

Updated

2023-08-25

CVE-2014-5206

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.16.2

Description The issue allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms. This is achieved via a "mount -o remount" command within a user namespace, exploiting the fact that the do remount function in fs/namespace.c does not maintain the MNT LOCK READONLY bit across a remount of a bind mount.

Recommendations For Linux kernel versions prior to 3.16.2, update to version 3.16.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the "mount -o remount" command within user namespaces to minimize the risk of exploitation.

Exploit

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

ALT-PU-2014-2023

ALT-PU-2014-2024

ALT-PU-2014-2025

ALT-PU-2014-2106

ALT-PU-2015-1794

CVE-2014-5206

OPENSUSE-SU-2014_1677-1

USN-2317-1

USN-2318-1

Affected Products

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2014-6345 · Linux+3 · Linux Kernel+3

CVE-2014-5206

Weakness Enumeration

Related Identifiers

Affected Products

References · 26