Linux Kernel CVE-2014-5206 Local Security Bypass Vulnerability

Bugtraq ID:	69214
Class:	Design Error
CVE:	CVE-2014-5206
Remote:	No
Local:	Yes
Published:	Aug 01 2014 12:00AM
Updated:	May 07 2015 05:05PM
Credit:	Kenton Varda
Vulnerable:	Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Linux kernel
Not Vulnerable:

Linux Kernel CVE-2014-5206 Local Security Bypass Vulnerability

Linux kernel is prone to a local security bypass vulnerability that may allow an attacker to bypass a read-only bind mount.

Attackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions.

Linux Kernel CVE-2014-5206 Local Security Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.


Mandriva Business Server 1 X86 64

• Mandriva cpupower-3.4.104-1.1.mbs1.x86_64.rpm
  http://www.mandriva.com/en/downloads/


• Mandriva kernel-firmware-3.4.104-1.1.mbs1.noarch.rpm
  http://www.mandriva.com/en/downloads/


• Mandriva kernel-headers-3.4.104-1.1.mbs1.x86_64.rpm
  http://www.mandriva.com/en/downloads/


• Mandriva kernel-server-3.4.104-1.1.mbs1.x86_64.rpm
  http://www.mandriva.com/en/downloads/


• Mandriva kernel-server-devel-3.4.104-1.1.mbs1.x86_64.rpm
  http://www.mandriva.com/en/downloads/


• Mandriva kernel-source-3.4.104-1.mbs1.noarch.rpm
  http://www.mandriva.com/en/downloads/


• Mandriva lib64cpupower-devel-3.4.104-1.1.mbs1.x86_64.rpm
  http://www.mandriva.com/en/downloads/


• Mandriva lib64cpupower0-3.4.104-1.1.mbs1.x86_64.rpm
  http://www.mandriva.com/en/downloads/


• Mandriva perf-3.4.104-1.1.mbs1.x86_64.rpm
  http://www.mandriva.com/en/downloads/

Linux Kernel CVE-2014-5206 Local Security Bypass Vulnerability

References:

• Linux kernel Homepage (kernel.org)