CVE-2014-4014
Published 2014-06-23
Priority P4 · 31 · medium · 6.2 (CVSS 2.0)
AV:L/AC:H/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 3.30% (87.0th percentile)
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 3.14.7-1 (bookworm) | linux 3.14.7-1 (bookworm) |
| android | — | — | |
| linux | linux_kernel | < 3.14.8 | 3.14.8 |
| linux | linux_kernel | >= 0 < 3.14.7-1 | 3.14.7-1 |
| linux | linux_kernel | >= 0 < 3.14.7-1 | 3.14.7-1 |
| linux | linux_kernel | >= 0 < 3.14.7-1 | 3.14.7-1 |
| linux | linux_kernel | >= 0 < 3.14.7-1 | 3.14.7-1 |
| linux | linux_kernel | >= 0 < 3.13.0-35.62 | 3.13.0-35.62 |
CVSS provenance
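| Source | Score | Severity | CVSS version | Vector |
|---|---|---|---|---|
| nvd | 6.2 | MEDIUM | v2.0 | AV:L/AC:H/Au:N/C:C/I:C/A:C |
| osv | 6.2 | MEDIUM | | |
| vendor_debian | 6.2 | MEDIUM | | |
| vendor_redhat | 6.2 | MEDIUM | | |
| vendor_ubuntu | 5.5 | MEDIUM | | |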
Android
CVE-2014-4014: Android Security Bulletin 2016-12-01
vendor_android·2016-12-01·CVSS 6.2
CVE-2014-4014 [MEDIUM] CVE-2014-4014: Android Security Bulletin 2016-12-01
CVE: CVE-2014-4014
Severity: HIGH
References: A-31252187
Upstream kernel
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities
vendor_ubuntu·2014-09-02·CVSS 5.5
CVE-2014-0155 [MEDIUM] Linux kernel (Trusty HWE) vulnerabilities
Title: Linux kernel (Trusty HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
A flaw was discovered in the Linux kernel virtual machine's (kvm)
validation of interrupt requests (irq). A guest OS user could exploit this
flaw to cause a denial of service (host OS crash). (CVE-2014-0155)
Andy Lutomirski discovered a flaw in the authorization of netlink socket
operations when a socket is passed to a process of more privilege. A local
user could exploit this flaw to bypass access restrictions by having a
privileged executable do something it was not intended to do.
(CVE-2014-0181)
An information leak was discovered in the Linux kernel's
aio_read_events_ring function. A local user could exploit this flaw to
obtain potentially sensitive information from kernel mem
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2014-09-02·CVSS 5.5
CVE-2014-0155 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
A flaw was discovered in the Linux kernel virtual machine's (kvm)
validation of interrupt requests (irq). A guest OS user could exploit this
flaw to cause a denial of service (host OS crash). (CVE-2014-0155)
Andy Lutomirski discovered a flaw in the authorization of netlink socket
operations when a socket is passed to a process of more privilege. A local
user could exploit this flaw to bypass access restrictions by having a
privileged executable do something it was not intended to do.
(CVE-2014-0181)
An information leak was discovered in the Linux kernel's
aio_read_events_ring function. A local user could exploit this flaw to
obtain potentially sensitive information from kernel memory.
(CVE-201
Ubuntu
Linux kernel (Quantal HWE) vulnerabilities
vendor_ubuntu·2014-07-17·CVSS 2.9
CVE-2014-0131 [LOW] Linux kernel (Quantal HWE) vulnerabilities
Title: Linux kernel (Quantal HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol
(PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user
could exploit this flaw to gain administrative privileges. (CVE-2014-4943)
Michael S. Tsirkin discovered an information leak in the Linux kernel's
segmentation of skbs when using the zerocopy feature of vhost-net. A local
attacker could exploit this flaw to gain potentially sensitive information
from kernel memory. (CVE-2014-0131)
Salva Peiró discovered an information leak in the Linux kernel's media-
device driver. A local attacker could exploit this flaw to obtain sensitive
information from kernel memory. (CVE-2014-1739)
A flaw
Ubuntu
Linux kernel (Raring HWE) vulnerabilities
vendor_ubuntu·2014-07-17·CVSS 2.9
CVE-2014-0131 [LOW] Linux kernel (Raring HWE) vulnerabilities
Title: Linux kernel (Raring HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol
(PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user
could exploit this flaw to gain administrative privileges. (CVE-2014-4943)
Michael S. Tsirkin discovered an information leak in the Linux kernel's
segmentation of skbs when using the zerocopy feature of vhost-net. A local
attacker could exploit this flaw to gain potentially sensitive information
from kernel memory. (CVE-2014-0131)
Salva Peiró discovered an information leak in the Linux kernel's media-
device driver. A local attacker could exploit this flaw to obtain sensitive
information from kernel memory. (CVE-2014-1739)
A bounds
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2014-07-17·CVSS 2.9
CVE-2014-0131 [LOW] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol
(PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user
could exploit this flaw to gain administrative privileges. (CVE-2014-4943)
Michael S. Tsirkin discovered an information leak in the Linux kernel's
segmentation of skbs when using the zerocopy feature of vhost-net. A local
attacker could exploit this flaw to gain potentially sensitive information
from kernel memory. (CVE-2014-0131)
A flaw was discovered in the Linux kernel's audit subsystem when auditing
certain syscalls. A local attacker could exploit this flaw to obtain
potentially sensitive single-bit values from kernel memory or cause a
denia
Ubuntu
Linux kernel (Saucy HWE) vulnerabilities
vendor_ubuntu·2014-07-17·CVSS 2.9
CVE-2014-0131 [LOW] Linux kernel (Saucy HWE) vulnerabilities
Title: Linux kernel (Saucy HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol
(PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user
could exploit this flaw to gain administrative privileges. (CVE-2014-4943)
Michael S. Tsirkin discovered an information leak in the Linux kernel's
segmentation of skbs when using the zerocopy feature of vhost-net. A local
attacker could exploit this flaw to gain potentially sensitive information
from kernel memory. (CVE-2014-0131)
A flaw was discovered in the Linux kernel's audit subsystem when auditing
certain syscalls. A local attacker could exploit this flaw to obtain
potentially sensitive single-bit values from kernel memory or c
Red Hat
Kernel: possible privilege escalation in user namespace
vendor_redhat·2014-06-10·CVSS 6.2
CVE-2014-4014 [MEDIUM] Kernel: possible privilege escalation in user namespace
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.
Statement: This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.
Package: kernel (Red Hat Enterprise Linux 5) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: realtime-kernel (Red Hat Enterprise MRG 2) - Not affected
Debian
CVE-2014-4014: linux - The capabilities implementation in the Linux kernel before 3.14.8 does not prope...
vendor_debian·2014·CVSS 6.2
CVE-2014-4014 [MEDIUM] CVE-2014-4014: linux - The capabilities implementation in the Linux kernel before 3.14.8 does not prope...
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.
Scope: local
bookworm: resolved (fixed in 3.14.7-1)
bullseye: resolved (fixed in 3.14.7-1)
forky: resolved (fixed in 3.14.7-1)
sid: resolved (fixed in 3.14.7-1)
trixie: resolved (fixed in 3.14.7-1)
GHSA
GHSA-73cf-9h72-w34c: The capabilities implementation in the Linux kernel before 3
ghsa_unreviewed·2022-05-14
CVE-2014-4014 [MEDIUM] GHSA-73cf-9h72-w34c: The capabilities implementation in the Linux kernel before 3
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.
OSV
linux vulnerabilities
osv·2014-09-02·CVSS 5.5
CVE-2014-0155 [MEDIUM] linux vulnerabilities
A flaw was discovered in the Linux kernel virtual machine's (kvm)
validation of interrupt requests (irq). A guest OS user could exploit this
flaw to cause a denial of service (host OS crash). (CVE-2014-0155)
Andy Lutomirski discovered a flaw in the authorization of netlink socket
operations when a socket is passed to a process of more privilege. A local
user could exploit this flaw to bypass access restrictions by having a
privileged executable do something it was not intended to do.
(CVE-2014-0181)
An information leak was discovered in the Linux kernel's
aio_read_events_ring function. A local user could exploit this flaw to
obtain potentially sensitive information from kernel memory.
(CVE-2014-0206)
A flaw was discovered in the Linux kernel's implementation of use
OSV
CVE-2014-4014: The capabilities implementation in the Linux kernel before 3
osv·2014-06-23·CVSS 6.2
CVE-2014-4014 [MEDIUM] CVE-2014-4014: The capabilities implementation in the Linux kernel before 3
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.
Kernel
fs,userns: Change inode_capable to capable_wrt_inode_uidgid
kernel_security·2014-06-10·CVSS 6.2
CVE-2014-4014 [MEDIUM] fs,userns: Change inode_capable to capable_wrt_inode_uidgid
fs,userns: Change inode_capable to capable_wrt_inode_uidgid
The kernel has no concept of capabilities with respect to inodes; inodes
exist independently of namespaces. For example, inode_capable(inode,
CAP_LINUX_IMMUTABLE) would be nonsense.
This patch changes inode_capable to check for uid and gid mappings and
renames it to capable_wrt_inode_uidgid, which should make it more
obvious what it does.
Fixes CVE-2014-4014.
Cc: Theodore Ts'o
Cc: Serge Hallyn
Cc: "Eric W. Biederman"
Cc: Dave Chinner
Cc: [email protected]
Signed-off-by: Andy Lutomirski
Signed-off-by: Linus Torvalds
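The check the commit message describes, reduced to a user-space model (an added example, not the kernel patch itself). Only the names `inode_capable` and `capable_wrt_inode_uidgid` come from the commit; the structs, the single-range id maps and the sample namespace are simplifying assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model (assumption): not the kernel's real structs. */
struct id_map { bool valid; unsigned first, count; }; /* host ids visible in the ns */
struct userns { bool has_cap; struct id_map uid_map, gid_map; };
struct inode_ids { unsigned uid, gid; };

static bool has_mapping(const struct id_map *m, unsigned id)
{
    return m->valid && id >= m->first && id - m->first < m->count;
}

/* Pre-fix logic: capability in the caller's namespace + owner uid mapped. */
bool inode_capable_old(const struct userns *ns, const struct inode_ids *i)
{
    return ns->has_cap && has_mapping(&ns->uid_map, i->uid);
}

/* Post-fix logic: the inode's gid must be mapped into the namespace too. */
bool capable_wrt_inode_uidgid(const struct userns *ns, const struct inode_ids *i)
{
    return ns->has_cap && has_mapping(&ns->uid_map, i->uid) &&
           has_mapping(&ns->gid_map, i->gid);
}

/* Constructed sample: uid 1000 creates a user namespace mapping only its own
 * uid and gid, and holds every capability inside that namespace. */
static const struct userns NS_USER = { true, { true, 1000, 1 }, { true, 1000, 1 } };
static const struct inode_ids FILE_GROUP_ROOT = { 1000, 0 };    /* gid 0 unmapped */
static const struct inode_ids FILE_OWN_GROUP  = { 1000, 1000 }; /* fully mapped  */
static const struct inode_ids FILE_ROOT_OWNED = { 0, 0 };       /* nothing mapped */

int main(void)
{
    const struct inode_ids *files[] = { &FILE_GROUP_ROOT, &FILE_OWN_GROUP, &FILE_ROOT_OWNED };
    for (int k = 0; k < 3; k++)
        printf("uid=%u gid=%u  old=%d  fixed=%d\n", files[k]->uid, files[k]->gid,
               inode_capable_old(&NS_USER, files[k]),
               capable_wrt_inode_uidgid(&NS_USER, files[k]));
    return 0;
}
```

The file with group ownership of root is the only case where the two checks disagree: the old check treats the namespace's capability as applying to it, the fixed check does not.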
Bugzilla
CVE-2014-4014 Kernel: possible privilege escalation in user namespace [fedora-all]
bugzilla·2014-06-16·CVSS 6.2
CVE-2014-4014 [MEDIUM] CVE-2014-4014 Kernel: possible privilege escalation in user namespace [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
NOTE: this issue affects mult
Bugzilla
CVE-2014-4014 Kernel: possible privilege escalation in user namespace
bugzilla·2014-06-11·CVSS 6.2
CVE-2014-4014 [MEDIUM] CVE-2014-4014 Kernel: possible privilege escalation in user namespace
Linux kernel built with the user namespaces (CONFIG_USER_NS) is vulnerable to a
potential privilege escalation flaw.
An unprivileged user/process could use this flaw to escalate their privileges
on a system.
Upstream fix:
-> https://git.kernel.org/linus/23adbe12ef7d3d4195e80800ab36b37bee28cd03
Reference:
-> http://www.openwall.com/lists/oss-security/2014/06/10/4
Discussion:
Statement:
This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.
---
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1109836]
---
kernel-3.14.8-200.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please
arXiv
The Ideal Versus the Real: Revisiting the History of Virtual Machines and Containers
arxiv_fulltext·2019-04-27
The Ideal Versus the Real: Revisiting the History of Virtual Machines and Containers
Allison Randal, University of Cambridge
## Abstract
The common perception in both academic literature and the industry
today is that virtual machines offer better security, while containers
offer better performance. However, a detailed review of the history of
these technologies and the current threats they face reveals a
different story. This survey covers key developments in the evolution
of virtual machines and containers from the 1950s to today, with an
emphasis on countering modern misperceptions with accurate historical
details and providing a solid foundation for ongoing research into the
future of secure isolation for multitenant infrastructures, such as
cloud and container deployments.
## Intr
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=23adbe12ef7d3d4195e80800ab36b37bee28cd03
http://secunia.com/advisories/59220
http://www.exploit-db.com/exploits/33824
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.8
http://www.openwall.com/lists/oss-security/2014/06/10/4
http://www.securityfocus.com/bid/67988
http://www.securitytracker.com/id/1030394
https://bugzilla.redhat.com/show_bug.cgi?id=1107966
https://github.com/torvalds/linux/commit/23adbe12ef7d3d4195e80800ab36b37bee28cd03
https://source.android.com/security/bulletin/2016-12-01.html