PT-2014-8349 · Linux+5 · Linux Kernel+5

Published

2014-10-13

·

Updated

2020-08-14

·

CVE-2014-7975

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 3.17
Description The issue allows local users to cause a denial of service, specifically a loss of writability, by manipulating certain system calls and flags. This is due to the do umount function not requiring the CAP SYS ADMIN capability for specific do remount sb calls that change the root filesystem to read-only.
Recommendations For Linux kernel versions through 3.17, as a temporary workaround, consider restricting the use of the do umount function until a patch is available. Additionally, limiting the ability to make certain unshare system calls and clearing the / MNT LOCKED flag can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2014-2297
ALT-PU-2015-1794
CESA-2017_1842
CVE-2014-7975
MGASA-2014-0451
MGASA-2014-0452
MGASA-2014-0453
MGASA-2014-0454
MGASA-2014-0455
MGASA-2014-0456
MGASA-2014-0459
MGASA-2014-0479
OPENSUSE-SU-2014_1677-1
RHSA-2017:1842
RHSA-2017:2077
RHSA-2017_1842
RHSA-2017_2077
USN-2415-1
USN-2416-1
USN-2417-1
USN-2418-1
USN-2419-1
USN-2420-1
USN-2421-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu