CVE-2014-5045 — Link Following in Kernel

CWE-59 — Link Following11 documents8 sources

Severity

6.2MEDIUMNVD

OSV5.5

EPSS

0.0%

top 91.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Redhat Enterprise Linux EUS Redhat Enterprise Linux Server AUS +1 more

Timeline

PublishedAug 1

Latest updateMay 13

Description

The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.

CVSS vector

AV:L/AC:H/C:C/I:C/A:CExploitability: 1.9 | Impact: 10.0

Affected Packages3 packages

▶NVDlinux/linux_kernel< 3.15.8

▶Debianlinux/linux_kernel< 3.14.15-1+3

▶Ubuntulinux/linux_kernel< 3.13.0-35.62

Also affects: Enterprise Linux 6.5

Patches

Patch: www.kernel.org ↗Patch: github.com ↗Patch: www.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-9pvv-pv37-92f4: The mountpoint_last function in fs/namei↗2022-05-13

▶

OSV

linux vulnerabilities↗2014-09-02

▶

CVEList

CVE-2014-5045: The mountpoint_last function in fs/namei↗2014-08-01

▶

OSV

CVE-2014-5045: The mountpoint_last function in fs/namei↗2014-08-01

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Trusty HWE) vulnerabilities↗2014-09-02

▶

Ubuntu

Linux kernel vulnerabilities↗2014-09-02

▶

Red Hat

kernel: vfs: refcount issues during unmount on symlink↗2014-07-20

▶

Debian

CVE-2014-5045: linux - The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 doe...↗2014

▶

💬Community

Bugzilla

CVE-2014-5045 kernel: vfs: refcount issues during lazy unmount on symlink [fedora-all]↗2014-07-23

▶

Bugzilla

CVE-2014-5045 kernel: vfs: refcount issues during unmount on symlink↗2014-07-23

▶