CVE-2014-5206 in Ubuntu

CVE-2014-5206

Priority

High

Description

The do_remount function in fs/namespace.c in the Linux kernel through
3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a
bind mount, which allows local users to bypass an intended read-only
restriction and defeat certain sandbox protection mechanisms via a "mount
-o remount" command within a user namespace.

Ubuntu-Description

Kenton Varda discovered a flaw with read-only bind mounds when used with
user namespaces. An unprivileged local user could exploit this flaw to gain
full write privileges to a mount that should be read only.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5206
http://www.openwall.com/lists/oss-security/2014/08/13/4
http://www.ubuntu.com/usn/usn-2317-1
http://www.ubuntu.com/usn/usn-2318-1

Bugs

https://launchpad.net/bugs/1356318

Notes

jdstrand> android kernels (goldfish, grouper, maguro, mako and manta) are not
supported on the Ubuntu Touch 13.10 preview kernels
jdstrand> android kernels (flo, goldfish, grouper, maguro, mako and manta) are
not supported on the Ubuntu Touch 14.04 preview kernels
apw> The existing break-fix appears to point to some self-tests
apw> break-fix: - db181ce011e3c033328608299cd6fac06ea50130
apw> actual fix appears to be: a6138db815df5ee542d848318e5dae681590fccd
jdstrand> linux-lts-saucy no longer receives official support

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	released (3.13.0-34.60~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Touch 15.04:	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-lts-quantal (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	not-affected
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Touch 15.04:	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Patches:

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	not-affected
Ubuntu 14.04 LTS (Trusty Tahr):	released (3.13.0-34.60)
Ubuntu Touch 15.04:	DNE
Ubuntu Core 15.04:	not-affected (3.16.0-23.31)
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (4.2.0-16.19)

Patches:

Introduced by 0c55cfc4166d9a0f38de779bd4d75a90afbe7734	Fixed by a6138db815df5ee542d848318e5dae681590fccd
Introduced by 0c55cfc4166d9a0f38de779bd4d75a90afbe7734	Fixed by 07b645589dcda8b7a5249e096fece2a67556f0f4

Package

Source: linux-ti-omap4 (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	not-affected
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Touch 15.04:	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-lts-raring (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	ignored (was needs-triage now end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Touch 15.04:	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-armadaxp (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	not-affected
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Touch 15.04:	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-linaro-shared (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	ignored (abandoned)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Touch 15.04:	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Touch 15.04:	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-mvl-dove (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Touch 15.04:	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-lts-saucy (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	ignored (was pending [3.11.0-27.47~precise1] OEM release)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Touch 15.04:	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Touch 15.04:	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected

Package

Source: linux-ec2 (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Touch 15.04:	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Touch 15.04:	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-linaro-vexpress (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	ignored (abandoned)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Touch 15.04:	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-qcm-msm (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	ignored (abandoned)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Touch 15.04:	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	not-affected (3.19.0-18.18~14.04.1)
Ubuntu Touch 15.04:	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Touch 15.04:	DNE
Ubuntu Core 15.04:	released (4.2.0-1014.21)
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (4.2.0-1014.21)

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Touch 15.04:	not-affected
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected

Package

Source: linux-fsl-imx51 (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Touch 15.04:	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-linaro-omap (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	ignored (abandoned)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Touch 15.04:	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	not-affected (3.16.0-25.33~14.04.2)
Ubuntu Touch 15.04:	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Touch 15.04:	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	released (3.17~rc1)
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Touch 15.04:	not-affected
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected

More Information

Updated: 2017-03-08 21:21:36 UTC (commit 12204)