CVE-2014-9717
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2014-9717
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2014-9717.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2014-9717
- Related
- Published
- 2016-05-02T10:59:06Z
- Modified
- 2024-06-30T12:01:22Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
fs/namespace.c in the Linux kernel before 4.0.2 processes MNTDETACH umount2 system calls without verifying that the MNTLOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace.
- References
-
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1
- https://github.com/torvalds/linux/commit/ce07d891a0891d3c0d0c2d73d577490486b809e1
- https://bugzilla.redhat.com/show_bug.cgi?id=1226751
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2
- http://www.openwall.com/lists/oss-security/2015/04/17/4
- http://www.securityfocus.com/bid/74226
- http://www.spinics.net/lists/linux-containers/msg30786.html
- https://groups.google.com/forum/message/raw?msg=linux.kernel/HnegnbXk0Vs/RClojwJzAFEJ
- https://security-tracker.debian.org/tracker/CVE-2014-9717
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source