CVE-2014-5045

The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*

History

21 Nov 2024, 02:11

Type Values Removed Values Added
References () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=295dc39d941dc2ae53d5c170365af4c9d5c16212 - () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=295dc39d941dc2ae53d5c170365af4c9d5c16212 -
References () http://rhn.redhat.com/errata/RHSA-2015-0062.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2015-0062.html - Third Party Advisory
References () http://secunia.com/advisories/60353 - Third Party Advisory () http://secunia.com/advisories/60353 - Third Party Advisory
References () http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8 - Patch, Third Party Advisory, Vendor Advisory () http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8 - Patch, Third Party Advisory, Vendor Advisory
References () http://www.openwall.com/lists/oss-security/2014/07/24/2 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2014/07/24/2 - Mailing List, Third Party Advisory
References () http://www.securityfocus.com/bid/68862 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/68862 - Third Party Advisory, VDB Entry
References () https://bugzilla.redhat.com/show_bug.cgi?id=1122472 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=1122472 - Issue Tracking, Third Party Advisory
References () https://github.com/torvalds/linux/commit/295dc39d941dc2ae53d5c170365af4c9d5c16212 - Exploit, Patch, Third Party Advisory () https://github.com/torvalds/linux/commit/295dc39d941dc2ae53d5c170365af4c9d5c16212 - Exploit, Patch, Third Party Advisory

07 Nov 2023, 02:20

Type Values Removed Values Added
References
  • {'url': 'http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=295dc39d941dc2ae53d5c170365af4c9d5c16212', 'name': 'http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=295dc39d941dc2ae53d5c170365af4c9d5c16212', 'tags': ['Exploit', 'Patch', 'Vendor Advisory'], 'refsource': 'CONFIRM'}
  • () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=295dc39d941dc2ae53d5c170365af4c9d5c16212 -

Information

Published : 2014-08-01 11:13

Updated : 2024-11-21 02:11


NVD link : CVE-2014-5045

Mitre link : CVE-2014-5045

CVE.ORG link : CVE-2014-5045


JSON object : View

Products Affected

redhat

  • enterprise_linux_server_aus
  • enterprise_linux_eus
  • enterprise_linux_server_tus

linux

  • linux_kernel
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')