cbcvebase.
CVE-2014-4014
published 2014-06-23

CVE-2014-4014: The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local…

PriorityP431medium6.2CVSS 2.0
AVLACHAuNCCICAC
EXPLOIT
EPSS
3.30%
87.0th percentile
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.

Affected

8 ranges
VendorProductVersion rangeFixed in
debianlinux< linux 3.14.7-1 (bookworm)linux 3.14.7-1 (bookworm)
googleandroid
linuxlinux_kernel< 3.14.83.14.8
linuxlinux_kernel>= 0 < 3.14.7-13.14.7-1
linuxlinux_kernel>= 0 < 3.14.7-13.14.7-1
linuxlinux_kernel>= 0 < 3.14.7-13.14.7-1
linuxlinux_kernel>= 0 < 3.14.7-13.14.7-1
linuxlinux_kernel>= 0 < 3.13.0-35.623.13.0-35.62

CVSS provenance

nvdv2.06.2MEDIUMAV:L/AC:H/Au:N/C:C/I:C/A:C
osv6.2MEDIUM
vendor_debian6.2MEDIUM
vendor_redhat6.2MEDIUM
vendor_ubuntu5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.