CVE-2014-5207

Priority
High
Description
fs/namespace.c in the Linux kernel through 3.16.1 does not properly
restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing
MNT_ATIME_MASK during a remount of a bind mount, which allows local users
to gain privileges, interfere with backups and auditing on systems that had
atime enabled, or cause a denial of service (excessive filesystem updating)
on systems that had atime disabled via a "mount -o remount" command within
a user namespace.
Ubuntu-Description
Eric W. Biederman discovered a flaw with the mediation of mount flags in
the Linux kernel's user namespace subsystem. An unprivileged user could
exploit this flaw to by-pass mount restrictions, and potentially gain
administrative privileges.
References
Bugs
Notes
jdstrand> android kernels (goldfish, grouper, maguro, mako and manta) are not
supported on the Ubuntu Touch 13.10 preview kernels
jdstrand> android kernels (flo, goldfish, grouper, maguro, mako and manta) are
not supported on the Ubuntu Touch 14.04 preview kernels
sarnold> this fix was assigned to CVE-2014-5206: db181ce011e3c033328608299cd6fac06ea50130
jdstrand> linux-lts-saucy no longer receives official support
Package
Upstream:released (3.17~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):released (3.13.0-34.60~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (3.17~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (3.17~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (3.17~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 14.10 (Utopic Unicorn):needs-triage
Ubuntu 15.04 (Vivid Vervet):needs-triage
Package
Upstream:released (3.17~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):ignored (abandoned)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (3.17~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):ignored (abandoned)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (3.17~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (abandoned)
Ubuntu 12.04 LTS (Precise Pangolin):ignored (abandoned)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (3.17~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (3.17~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Patches:
Package
Upstream:released (3.17~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 14.10 (Utopic Unicorn):not-affected
Ubuntu 15.04 (Vivid Vervet):not-affected
Package
Upstream:released (3.17~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (3.17~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 14.10 (Utopic Unicorn):not-affected
Ubuntu 15.04 (Vivid Vervet):not-affected
Package
Upstream:released (3.17~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):ignored (was pending [3.11.0-27.47~precise1] OEM release)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (3.17~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):released (3.13.0-34.60)
Ubuntu 14.10 (Utopic Unicorn):not-affected (3.16.0-8.13)
Ubuntu 15.04 (Vivid Vervet):not-affected (3.16.0-23.31)
Patches:
Introduced by 0c55cfc4166d9a0f38de779bd4d75a90afbe7734Fixed by 9566d6742852c527bf5af38af5cbb878dad75705
Introduced by 0c55cfc4166d9a0f38de779bd4d75a90afbe7734Fixed by ffbc6f0ead47fa5a1dc9642b0331cb75c20a640e
Package
Upstream:released (3.17~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 14.10 (Utopic Unicorn):not-affected
Ubuntu 15.04 (Vivid Vervet):not-affected
Package
Upstream:released (3.17~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (3.17~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):ignored (abandoned)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (3.17~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life, does not affect buildd)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (3.17~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):ignored (was needs-triage now end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Package
Upstream:released (3.17~rc1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 14.10 (Utopic Unicorn):not-affected
Ubuntu 15.04 (Vivid Vervet):not-affected
More Information

Valid XHTML 1.0 Strict

Updated: 2014-10-29 20:15:13 UTC (commit 8657)