QwikSec

Security Database

CVE

CWE

Training

CVE-2014-9717

Published: May 2, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

SUSE-SU-2016:1690

vendor-advisory

x_refsource_SUSE

SUSE-SU-2016:1696

vendor-advisory

x_refsource_SUSE

https://github.com/torvalds/linux/commit/ce07d891a0891d3c0d0c2d73d577490486b809e1

x_refsource_CONFIRM

[oss-security] 20150417 USERNS allows circumventing MNT_LOCKED

mailing-list

x_refsource_MLIST

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1226751

x_refsource_CONFIRM

[linux-kernel] 20141007 [PATCH] mnt: don't allow to detach the namespace root

mailing-list

x_refsource_MLIST

[containers] 20150402 [PATCH review 0/19] Locked mount and loopback mount fixes

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_BID

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2

x_refsource_CONFIRM

SUSE-SU-2016:1937

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.