Two vulnerabilities in the Linux Kernel
Danger level: Low
Availability of fixes: Remediation instructions
Number of vulnerabilities: 2
1. (AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:W/RC:C) = Base:2.1/Temporal:1.7
2. (AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:W/RC:C) = Base:2.1/Temporal:1.7
Exploitation vector: Local network
Impact: Denial of service
Affected products: Linux Kernel 3.10.x, Linux Kernel 3.12.x, Linux Kernel 3.14.x, Linux Kernel 3.16.x, Linux Kernel 3.17.x
Affected versions: Linux Kernel 3.17, Linux Kernel 3.17.1, Linux Kernel 3.16.6, Linux Kernel 3.14.22, Linux Kernel 3.12.30, Linux Kernel 3.10.58
1. [CVE-2014-7970: Linux VFS denial of service] This vulnerability could allow a local user to cause a denial of service.
The vulnerability is caused by an error in the function "pivot_root()" in the file fs/namespace.c. A local user can cause a denial of service.
Note: Successful exploitation requires that the kernel was built with user namespace support (CONFIG_USER_NS).
2. [CVE-2014-7975: Linux kernel denial of service] This vulnerability could allow a local user to cause a denial of service.
The vulnerability is caused by an error in the function "do_umount()" in the file fs/namespace.c in the Linux kernel through 3.17. A local user can make the root filesystem read-only.
Solution: Install the update from the source code repository.
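
To triage a host against the version list above and the CONFIG_USER_NS precondition noted for CVE-2014-7970, the following script is an added example, not part of the advisory. The function names and the /boot/config-<release> location of the kernel build config are assumptions.

```shell
#!/bin/sh
# Added example: compare a kernel release string with this advisory's
# "Affected versions" / "Affected products" lines and check CONFIG_USER_NS.

AFFECTED_RELEASES="3.17 3.17.1 3.16.6 3.14.22 3.12.30 3.10.58"
AFFECTED_BRANCHES="3.10 3.12 3.14 3.16 3.17"

# classify_kernel RELEASE
#   RELEASE is a `uname -r` style string, e.g. "3.16.6-2-amd64".
#   Prints: listed   - exact release named in the advisory
#           branch   - release not named, but its branch is an affected product
#           unlisted - branch not mentioned in the advisory
classify_kernel() {
    ver=${1%%-*}                 # drop distro suffix: 3.16.6-2-amd64 -> 3.16.6
    ver=${ver%%+*}               # drop local-build marker: 3.17.0+ -> 3.17.0
    case $ver in
        *.*.0) ver=${ver%.0} ;;  # upstream 3.17 reports itself as 3.17.0
    esac
    for r in $AFFECTED_RELEASES; do
        if [ "$ver" = "$r" ]; then echo listed; return 0; fi
    done
    branch=$(printf '%s\n' "$ver" | cut -d. -f1,2)
    for b in $AFFECTED_BRANCHES; do
        if [ "$branch" = "$b" ]; then echo branch; return 0; fi
    done
    echo unlisted
}

# user_ns_enabled CONFIG_FILE
#   Exit status 0 if the build config enables user namespaces.
user_ns_enabled() {
    grep -q '^CONFIG_USER_NS=y$' "$1" 2>/dev/null
}

# report_host: print a one-line summary for the running kernel.
report_host() {
    rel=$(uname -r)
    cfg="/boot/config-$rel"      # assumption: build config is installed here
    if [ ! -r "$cfg" ]; then ns=unknown
    elif user_ns_enabled "$cfg"; then ns=enabled
    else ns=disabled
    fi
    echo "kernel $rel: $(classify_kernel "$rel"); CONFIG_USER_NS: $ns"
}

report_host
```

Distribution kernels often carry backported fixes without changing the base version, so a "listed" or "branch" result is a prompt to check the vendor changelog for the two CVE identifiers.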