CVE-2014-7970 — MEDIUM (5.5)

Q: How severe is CVE-2014-7970?

CVE-2014-7970 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-7970?

Check the references section above for vendor advisories and patch information. Affected products include: Novell Suse Linux Enterprise Server, Linux Linux Kernel, Canonical Ubuntu Linux.

Vulnerability Description

The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Novell	Suse Linux Enterprise Server	11.0
Linux	Linux Kernel	<= 3.17
Canonical	Ubuntu Linux	12.04

Related Weaknesses (CWE)

CWE-400

References

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/60174Broken Link
http://secunia.com/advisories/61142Broken Link
http://www.openwall.com/lists/oss-security/2014/10/08/21Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/70319Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1030991Third Party AdvisoryVDB Entry
http://www.spinics.net/lists/linux-fsdevel/msg79153.htmlExploitMailing ListPatch
http://www.ubuntu.com/usn/USN-2419-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2420-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2513-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2514-1Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1842Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2077Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1151095Issue TrackingPatchThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/96921Third Party AdvisoryVDB Entry

FAQ

What is CVE-2014-7970?

CVE-2014-7970 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of ...

How severe is CVE-2014-7970?

CVE-2014-7970 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-7970?

Check the references section above for vendor advisories and patch information. Affected products include: Novell Suse Linux Enterprise Server, Linux Linux Kernel, Canonical Ubuntu Linux.