CVE-2014-5045 — MEDIUM (6.2)

Q: How severe is CVE-2014-5045?

CVE-2014-5045 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-5045?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Tus.

Vulnerability Description

The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.

CVSS Score

6.2

MEDIUM

AV:L/AC:H/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 3.15.8
Redhat	Enterprise Linux Eus	6.5
Redhat	Enterprise Linux Server Aus	6.5
Redhat	Enterprise Linux Server Tus	6.5

Related Weaknesses (CWE)

CWE-59

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://rhn.redhat.com/errata/RHSA-2015-0062.htmlThird Party Advisory
http://secunia.com/advisories/60353Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8PatchThird Party AdvisoryVendor Advisory
http://www.openwall.com/lists/oss-security/2014/07/24/2Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/68862Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1122472Issue TrackingThird Party Advisory
https://github.com/torvalds/linux/commit/295dc39d941dc2ae53d5c170365af4c9d5c1621ExploitPatchThird Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://rhn.redhat.com/errata/RHSA-2015-0062.htmlThird Party Advisory
http://secunia.com/advisories/60353Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8PatchThird Party AdvisoryVendor Advisory
http://www.openwall.com/lists/oss-security/2014/07/24/2Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/68862Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1122472Issue TrackingThird Party Advisory

FAQ

What is CVE-2014-5045?

CVE-2014-5045 is a vulnerability with a CVSS score of 6.2 (MEDIUM). The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a sy...

How severe is CVE-2014-5045?

CVE-2014-5045 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-5045?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Tus.