CVE-2014-9717

Source
https://nvd.nist.gov/vuln/detail/CVE-2014-9717
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2014-9717.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2014-9717
Related
Published
2016-05-02T10:59:06Z
Modified
2024-06-30T12:00:03Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N CVSS Calculator
Summary
[none]
Details

fs/namespace.c in the Linux kernel before 4.0.2 processes MNTDETACH umount2 system calls without verifying that the MNTLOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace.

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.2-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.2-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.2-1

Ecosystem specific

{
    "urgency": "low"
}