Published: 13/10/2014 Updated: 14/08/2020

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 437

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Subscribe to Suse Linux Enterprise Server

The pivot_root implementation in fs/namespace.c in the Linux kernel up to and including 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
novell suse linux enterprise server 11.0
linux linux kernel
canonical ubuntu linux 12.04
canonical ubuntu linux 14.04

Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...

The sctp_process_param function in net/sctp/sm_make_chunkc in the SCTP implementation in the Linux kernel before 3174, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (CVE-2014-7841) The pivot_root implementation in fs/namespacec in the Linux kerne ...

Several security issues were fixed in the kernel ...

USN-2448-1 introduced a regression in the Linux kernel ...

Several security issues were fixed in the kernel ...

USN-2447-1 introduced a regression in the Linux kernel ...

Several security issues were fixed in the kernel ...

The pivot_root implementation in fs/namespacec in the Linux kernel through 317 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via (dot) values in both arguments to the pivot_root system call ...

CWE-400 https://bugzilla.redhat.com/show_bug.cgi?id=1151095 http://www.spinics.net/lists/linux-fsdevel/msg79153.html http://www.openwall.com/lists/oss-security/2014/10/08/21 http://www.securityfocus.com/bid/70319 http://www.securitytracker.com/id/1030991 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0826019e529f21c84687521d03f60cd241ca7d http://secunia.com/advisories/61142 http://www.ubuntu.com/usn/USN-2419-1 http://www.ubuntu.com/usn/USN-2420-1 http://secunia.com/advisories/60174 http://www.ubuntu.com/usn/USN-2514-1 http://www.ubuntu.com/usn/USN-2513-1 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html https://exchange.xforce.ibmcloud.com/vulnerabilities/96921 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:1842 https://nvd.nist.gov https://usn.ubuntu.com/2514-1/https://alas.aws.amazon.com/ALAS-2014-455.html

CVE-2014-7970

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect