CVE-2014-5206 in Ubuntu

CVE-2014-5206

Priority

Description

The do_remount function in fs/namespace.c in the Linux kernel through
3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a
bind mount, which allows local users to bypass an intended read-only
restriction and defeat certain sandbox protection mechanisms via a "mount
-o remount" command within a user namespace.

Ubuntu-Description

Kenton Varda discovered a flaw with read-only bind mounds when used with
user namespaces. An unprivileged local user could exploit this flaw to gain
full write privileges to a mount that should be read only.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5206
http://www.openwall.com/lists/oss-security/2014/08/13/4
https://usn.ubuntu.com/usn/usn-2317-1
https://usn.ubuntu.com/usn/usn-2318-1

Bugs

https://launchpad.net/bugs/1356318

Notes

jdstrand> android kernels (goldfish, grouper, maguro, mako and manta) are not
supported on the Ubuntu Touch 13.10 preview kernels
jdstrand> android kernels (flo, goldfish, grouper, maguro, mako and manta) are
not supported on the Ubuntu Touch 14.04 preview kernels
apw> The existing break-fix appears to point to some self-tests
apw> break-fix: - db181ce011e3c033328608299cd6fac06ea50130
apw> actual fix appears to be: a6138db815df5ee542d848318e5dae681590fccd
jdstrand> linux-lts-saucy no longer receives official support

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	released (3.13.0-34.60)
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (4.2.0-16.19)

Patches:

Introduced by 0c55cfc4166d9a0f38de779bd4d75a90afbe7734	Fixed by a6138db815df5ee542d848318e5dae681590fccd
Introduced by 0c55cfc4166d9a0f38de779bd4d75a90afbe7734	Fixed by 07b645589dcda8b7a5249e096fece2a67556f0f4

Package

Source: linux-armadaxp (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-ec2 (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected

Package

Source: linux-fsl-imx51 (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-linaro-omap (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-linaro-shared (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-linaro-vexpress (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-lts-quantal (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Patches:

Package

Source: linux-lts-raring (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-lts-saucy (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	not-affected (3.16.0-25.33~14.04.2)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	not-affected (3.19.0-18.18~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected

Package

Source: linux-mvl-dove (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-qcm-msm (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (4.2.0-1014.21)

Package

Source: linux-ti-omap4 (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

More Information

Updated: 2019-01-14 22:14:16 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)