Vulnerability CVE-2014-5206: Information

Description

The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount" command within a user namespace.

Severity: HIGH (7.2)

URL: https://nvd.nist.gov/vuln/detail/CVE-2014-5206
Published: Aug. 18, 2014
Modified: Nov. 7, 2023
Error type identifier: CWE-269

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
kernel-image-std-defsisyphus3.18.21-alt16.1.87-alt1ALT-PU-2015-1794-1149359Fixed
kernel-image-std-defp103.18.21-alt15.10.213-alt1ALT-PU-2015-1794-1149359Fixed
kernel-image-std-defp93.18.21-alt15.4.274-alt1ALT-PU-2015-1794-1149359Fixed
kernel-image-std-defc9f23.18.21-alt15.10.214-alt0.c9f.2ALT-PU-2015-1794-1149359Fixed
kernel-image-std-defc74.4.93-alt0.M70C.14.4.277-alt0.M70C.1ALT-PU-2017-2509-1191210Fixed
kernel-image-un-defsisyphus3.16.2-alt16.6.28-alt1ALT-PU-2014-2106-1129235Fixed
kernel-image-un-defp103.16.2-alt16.1.85-alt1ALT-PU-2014-2106-1129235Fixed
kernel-image-un-defp93.16.2-alt15.10.215-alt1ALT-PU-2014-2106-1129235Fixed
kernel-image-un-defc10f13.16.2-alt16.1.85-alt0.c10f.1ALT-PU-2014-2106-1129235Fixed
kernel-image-un-defc9f23.16.2-alt15.10.29-alt2ALT-PU-2014-2106-1129235Fixed
kernel-image-un-defc73.16.3-alt14.9.277-alt0.M70C.1ALT-PU-2014-2173-1130870Fixed
usbipsisyphus5.10-alt15.10-alt1ALT-PU-2023-1798-1320453Fixed
usbipp105.10-alt15.10-alt1ALT-PU-2023-1903-1320461Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/torvalds/linux/commit/a6138db815df5ee542d848318e5dae681590fccd
  • Patch
  • Third Party Advisory
[oss-security] 20140813 Re: CVE Request: ro bind mount bypass using user namespaces
  • Mailing List
  • Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1129662
  • Issue Tracking
  • Patch
  • Third Party Advisory
USN-2317-1
  • Third Party Advisory
USN-2318-1
  • Third Party Advisory
69214
  • Third Party Advisory
  • VDB Entry
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a6138db815df5ee542d848318e5dae681590fccd

      1. Configuration 1

        cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
        Start including
        3.13
        End excliding
        3.14.19
        cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
        Start including
        3.15
        End excliding
        3.16.3
        cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
        Start including
        3.11
        End excliding
        3.12.27
        cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
        Start including
        3.8
        End excliding
        3.10.55

        Configuration 2

        cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
        cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.4.2
    Back to top