CVE-2014-9717

NameCVE-2014-9717
Descriptionfs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)jessie3.16.56-1+deb8u1vulnerable
jessie (security)3.16.57-2vulnerable
stretch4.9.110-1fixed
stretch (security)4.9.110-3+deb9u2fixed
buster4.17.14-1fixed
sid4.17.17-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsource(unstable)4.0.2-1low
linuxsourcewheezy(not affected)
linux-2.6source(unstable)(not affected)

Notes

[jessie] - linux <ignored> (Too intrusive to backport)
[wheezy] - linux <not-affected> (user namespaces known broken before 3.5, see kernel-sec info)
- linux-2.6 <not-affected> (user namespaces known broken before 3.5, see kernel-sec info)
https://groups.google.com/forum/#!topic/linux.kernel/HnegnbXk0Vs
Proposed fixes: http://www.spinics.net/lists/linux-containers/msg30786.html
http://www.openwall.com/lists/oss-security/2015/04/17/4
CVE assignement for issue in http://marc.info/?l=linux-kernel&m=141271552117745&w=2

Search for package or bug name: Reporting problems