CVE-2014-7970: Uncontrolled Resource Consumption in Kernel

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 87.85%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 13; latest update May 13

Description

The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 3 packages

Also affects: Ubuntu Linux 12.04, 14.04

Patches

Vulnerability Details (6)

GHSA: GHSA-7p5j-7j45-6mrj: The pivot_root implementation in fs/namespace (2022-05-13)
OSV: linux vulnerabilities (2014-11-25)
Kernel: Merge branch 'CVE-2014-7970' of git://git.kernel.org/pub/scm/linux/kernel/git/luto/linux (2014-10-15)
CVEList: CVE-2014-7970: The pivot_root implementation in fs/namespace (2014-10-13)
OSV: CVE-2014-7970: The pivot_root implementation in fs/namespace (2014-10-13)

Vendor Advisories (8)

Ubuntu: Linux kernel (OMAP4) vulnerabilities (2015-02-26)
Ubuntu: Linux kernel vulnerabilities (2015-02-26)
Ubuntu: Linux kernel (Utopic HWE) vulnerabilities (2014-12-12)
Ubuntu: Linux kernel vulnerabilities (2014-12-12)
Ubuntu: Linux kernel (Trusty HWE) vulnerabilities (2014-11-25)

Community (2)

Bugzilla: CVE-2014-7970 Kernel: fs: VFS denial of service [fedora-all] (2014-10-10)
Bugzilla: CVE-2014-7970 Kernel: fs: VFS denial of service (2014-10-09)