CVE-2014-5207
Summary
| CVE | CVE-2014-5207 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-08-18 11:15:27 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
LocalAccess Complexity
HighAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:L/AC:H/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| USN-2317-1: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | Third Party Advisory |
| Linux Kernel 3.16.1 - Remount FUSE Exploit | af854a3a-2127-422b-91ae-364da2661108 | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| Linux Kernel 3.16.1 FUSE Privilege Escalation ≈ Packet Storm | af854a3a-2127-422b-91ae-364da2661108 | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry |
| Bug 1129662 – CVE-2014-5206 CVE-2014-5207 kernel: mount flags handling during remount | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | Issue Tracking, Patch, Third Party Advisory |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | Third Party Advisory, VDB Entry |
| osvdb.org/show/osvdb/110055 | af854a3a-2127-422b-91ae-364da2661108 | osvdb.org | Broken Link |
| USN-2318-1: Linux kernel vulnerabilities | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | Third Party Advisory |
| oss-sec: CVE Request: ro bind mount bypass using user namespaces | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory |
| Linux Kernel CVE-2014-5207 Local Security Bypass Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| mnt: Correct permission checks in do_remount · torvalds/linux@9566d67 · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch, Third Party Advisory |
| oss-security - Re: CVE Request: ro bind mount bypass using user namespaces | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| kernel/git/torvalds/linux.git - Linux kernel source tree | af854a3a-2127-422b-91ae-364da2661108 | git.kernel.org | |
| kernel/git/torvalds/linux.git - Linux kernel source tree | MITRE | git.kernel.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 671064 EulerOS Security Update for kernel (EulerOS-SA-2019-2599)