Vulnerabilities: Denial of service in the Linux Kernel – October 21, 2014

Posted: October 21, 2014 in Vulnerabilities


Two vulnerabilities in the Linux Kernel

Danger level: Low
Fix availability: Instructions on corrective action
Number of vulnerabilities: 2

CVSSv2 Rating:
1. (AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:W/RC:C) = Base:2.1/Temporal:1.7
2. (AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:W/RC:C) = Base:2.1/Temporal:1.7

CVE ID:
1. CVE-2014-7970
2. CVE-2014-7975

Attack vector: Local Network
Impact: Denial of service

Affected products: Linux Kernel 3.10.x, Linux Kernel 3.12.x, Linux Kernel 3.14.x, Linux Kernel 3.16.x, Linux Kernel 3.17.x

Affected versions: Linux Kernel 3.17, Linux Kernel 3.17.1, Linux Kernel 3.16.6, Linux Kernel 3.14.22, Linux Kernel 3.12.30, Linux Kernel 3.10.58

Description:

1. [CVE-2014-7970: Linux VFS denial of service] This vulnerability could allow a local user to cause a denial of service.

The vulnerability is caused by an error in the “pivot_root()” function in the file fs/namespace.c. A local user can cause a denial of service.

Note: Successful exploitation requires a kernel built with user namespace support (CONFIG_USER_NS).

2. [CVE-2014-7975: Linux kernel denial of service] This vulnerability could allow a local user to cause a denial of service.

The vulnerability is caused by an error in the “do_umount()” function in the file fs/namespace.c in the Linux kernel through 3.17. A local user can make the root filesystem read-only.
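
A host triage check for the details above, added here as an example and not part of the advisory or the kernel project: it compares a kernel release string with the affected versions and series listed on this page and reports whether CONFIG_USER_NS, the stated precondition for CVE-2014-7970, is enabled. The function names and the two config file locations are assumptions of the example.

```shell
#!/bin/sh
# Added example: triage a host against this advisory (not from the advisory).
# Version and series lists are copied from the "Affected" lines above.
AFFECTED_VERSIONS="3.17 3.17.1 3.16.6 3.14.22 3.12.30 3.10.58"
AFFECTED_SERIES="3.10 3.12 3.14 3.16 3.17"

# "3.16.6-2-amd64" -> "3.16.6"; "3.17.0-1-amd64" -> "3.17"
base_version() {
    printf '%s\n' "$1" |
        sed -E -e 's/^([0-9]+(\.[0-9]+){1,2}).*/\1/' -e 's/^([0-9]+\.[0-9]+)\.0$/\1/'
}

# listed = exact match with an affected version named by the advisory
# series = same stable series, patch level not named (check the changelog)
classify_release() {
    v=$(base_version "$1")
    for a in $AFFECTED_VERSIONS; do
        if [ "$v" = "$a" ]; then echo listed; return 0; fi
    done
    series=$(printf '%s\n' "$v" | cut -d. -f1,2)
    for s in $AFFECTED_SERIES; do
        if [ "$series" = "$s" ]; then echo series; return 0; fi
    done
    echo other
}

# CONFIG_USER_NS is the stated precondition for CVE-2014-7970.
user_ns_state() {   # $1 = kernel build config text, may be empty
    if [ -z "$1" ]; then echo unknown
    elif printf '%s\n' "$1" | grep -q '^CONFIG_USER_NS=y$'; then echo enabled
    else echo disabled
    fi
}

triage() {          # $1 = kernel release string, $2 = config text
    echo "release=$(classify_release "$1") user_ns=$(user_ns_state "$2")"
}

# Build config of the running kernel; common locations, either may be absent.
running_config() {
    if [ -r /proc/config.gz ]; then gzip -dc /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then cat "/boot/config-$(uname -r)"
    fi
}

triage "$(uname -r)" "$(running_config)"
```

A version match is only a hint: distribution kernels often carry backported fixes without changing the upstream version number, so confirm against the vendor changelog.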

Solutions: Install the update from the source code repository.

Links:

1. https://git.kernel.org/…/?id=0d0826019e529f21c84687521d03f60cd241ca7d
http://seclists.org/oss-sec/2014/q4/228

2. http://git.kernel.org/…/?id=0ef3a56b1c466629cd0bf482b09c7b0e5a085bb5 
http://seclists.org/oss-sec/2014/q4/229


Manufacturer URL:

https://www.kernel.org/
