Home

CVE-2014-8989

Description

The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a negative groups issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c.

Risk Information

Base Score
7.1
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
0.027

Associated Vulnerability

VulnerabilityOS Platform
Linux hardware enablement kernel from Trusty (USN-2515-1) linux-image-3.13.0-46-generic_3.13.0-46.79~precise1_i386.debLinux
Linux hardware enablement kernel from Trusty (USN-2515-1) linux-image-3.13.0-46-generic_3.13.0-46.79~precise1_amd64.debLinux
Linux kernel (USN-2516-1) linux-image-3.13.0-46-generic_3.13.0-46.79_i386.debLinux
Linux kernel (USN-2516-1) linux-image-3.13.0-46-generic_3.13.0-46.79_amd64.debLinux
Linux kernel (USN-2516-1) linux-image-3.13.0-46-lowlatency_3.13.0-46.79_i386.debLinux
Linux kernel (USN-2516-1) linux-image-3.13.0-46-lowlatency_3.13.0-46.79_amd64.debLinux
Linux hardware enablement kernel from Utopic (USN-2517-1) linux-image-3.16.0-31-generic_3.16.0-31.43~14.04.1_i386.debLinux
Linux hardware enablement kernel from Utopic (USN-2517-1) linux-image-3.16.0-31-generic_3.16.0-31.43~14.04.1_amd64.debLinux
Linux hardware enablement kernel from Utopic (USN-2517-1) linux-image-3.16.0-31-lowlatency_3.16.0-31.43~14.04.1_i386.debLinux
Linux hardware enablement kernel from Utopic (USN-2517-1) linux-image-3.16.0-31-lowlatency_3.16.0-31.43~14.04.1_amd64.debLinux
Dtrace-modules-3.8.13-98.el6uek update (ELSA-2015-3064) dtrace-modules-3.8.13-98.el6uek-0.4.5-2.el6.x86_64.rpmLinux
Dtrace-modules-3.8.13-98.el7uek update (ELSA-2015-3064) dtrace-modules-3.8.13-98.el7uek-0.4.5-3.el7.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234