Home

CVE-2014-4014

Description

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.

Risk Information

Base Score
7.8
MODERATE
Vector
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.115

Associated Vulnerability

VulnerabilityOS Platform
Linux hardware enablement kernel from Quantal (USN-2285-1) linux-image-3.5.0-54-generic_3.5.0-54.81~precise1_i386.debLinux
Linux hardware enablement kernel from Quantal (USN-2285-1) linux-image-3.5.0-54-generic_3.5.0-54.81~precise1_amd64.debLinux
Linux hardware enablement kernel from Saucy (USN-2287-1) linux-image-3.11.0-26-generic_3.11.0-26.45~precise1_i386.debLinux
Linux hardware enablement kernel from Saucy (USN-2287-1) linux-image-3.11.0-26-generic_3.11.0-26.45~precise1_amd64.debLinux
Linux hardware enablement kernel from Trusty (USN-2336-1) linux-image-3.13.0-35-generic_3.13.0-35.62~precise1_i386.debLinux
Linux hardware enablement kernel from Trusty (USN-2336-1) linux-image-3.13.0-35-generic_3.13.0-35.62~precise1_amd64.debLinux
Linux kernel (USN-2337-1) linux-image-3.13.0-35-generic_3.13.0-35.62_i386.debLinux
Linux kernel (USN-2337-1) linux-image-3.13.0-35-generic_3.13.0-35.62_amd64.debLinux
Linux kernel (USN-2337-1) linux-image-3.13.0-35-lowlatency_3.13.0-35.62_i386.debLinux
Linux kernel (USN-2337-1) linux-image-3.13.0-35-lowlatency_3.13.0-35.62_amd64.debLinux
Dtrace-modules-3.8.13-55.el6uek update (ELSA-2014-3096) dtrace-modules-3.8.13-55.el6uek-0.4.3-4.el6.x86_64.rpmLinux
Dtrace-modules-3.8.13-55.el7uek update (ELSA-2014-3096) dtrace-modules-3.8.13-55.el7uek-0.4.3-4.el7.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234