cbcvebase.
CVE-2014-5207
published 2014-08-18

CVE-2014-5207: fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during…

PriorityP429medium6.2CVSS 2.0
AVLACHAuNCCICAC
EXPLOIT
EPSS
0.89%
54.8th percentile
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace.

Affected

9 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
debianlinux< linux 3.16.2-1 (bookworm)linux 3.16.2-1 (bookworm)
linuxlinux_kernel<= 3.16.1
linuxlinux_kernel>= 0 < 3.16.2-13.16.2-1
linuxlinux_kernel>= 0 < 3.16.2-13.16.2-1
linuxlinux_kernel>= 0 < 3.16.2-13.16.2-1
linuxlinux_kernel>= 0 < 3.16.2-13.16.2-1
linuxlinux_kernel>= 0 < 3.13.0-34.603.13.0-34.60

CVSS provenance

nvdv2.06.2MEDIUMAV:L/AC:H/Au:N/C:C/I:C/A:C
osv7.2HIGH
vendor_ubuntu7.2HIGH
vendor_debian6.2MEDIUM
vendor_redhat6.2MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.