Two vulnerabilities in the Linux Kernel
Danger level: Low
Availability of fixes: Instructions on corrective action
Number of vulnerabilities: 2
CVSSv2 Rating:
1. (AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:W/RC:C) = Base:2.1/Temporal:1.7
2. (AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:W/RC:C) = Base:2.1/Temporal:1.7
CVE ID:
1. CVE-2014-7970
2. CVE-2014-7975
Exploitation vector: Local Network
Impact: Denial of service
Affected products: Linux Kernel 3.10.x, Linux Kernel 3.12.x, Linux Kernel 3.14.x, Linux Kernel 3.16.x, Linux Kernel 3.17.x
Affected versions: Linux Kernel 3.17, Linux Kernel 3.17.1, Linux Kernel 3.16.6, Linux Kernel 3.14.22, Linux Kernel 3.12.30, Linux Kernel 3.10.58
Description:
1. [CVE-2014-7970: Linux VFS denial of service] This vulnerability could allow a local user to cause a denial of service.
The vulnerability is caused by an error in the “pivot_root()” function in fs/namespace.c. A local user can cause a denial of service.
Note: Successful exploitation requires that the Linux kernel was built with user namespace support (CONFIG_USER_NS).
2. [CVE-2014-7975: Linux kernel denial of service] This vulnerability could allow a local user to cause a denial of service.
The vulnerability is caused by an error in the “do_umount()” function in fs/namespace.c in the Linux kernel through 3.17. A local user can make the root filesystem read-only.
Solutions: Install the update from the source code repository.
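A defender-side check for the precondition in the note above, as an added example that is not part of the original advisory: it reports whether a kernel release appears in this page's affected-versions list and whether its build config enables CONFIG_USER_NS. The function names and the /boot/config-<release> path are assumptions, and a match on the version list does not account for distribution backports.

```shell
#!/bin/sh
# Added triage example, not part of the advisory. Function names are hypothetical.
# Version list copied from the "Affected versions" line of this page.
AFFECTED="3.17 3.17.1 3.16.6 3.14.22 3.12.30 3.10.58"

# "3.16.6-2-amd64" -> "3.16.6"; "3.17.0" (uname form of 3.17) -> "3.17"
base_version() {
    v=${1%%[-+_]*}
    case $v in *.*.0) v=${v%.0} ;; esac
    printf '%s\n' "$v"
}

is_listed() {
    b=$(base_version "$1")
    for a in $AFFECTED; do [ "$a" = "$b" ] && return 0; done
    return 1
}

# Prints y, n, or unknown (config file unreadable). Accepts plain or .gz configs.
userns_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case $1 in *.gz) reader="gzip -dc" ;; *) reader=cat ;; esac
    if $reader "$1" | grep -q '^CONFIG_USER_NS=y$'; then echo y; else echo n; fi
}

# usage: triage <kernel-release> <config-file>
# The page ties CVE-2014-7970 to CONFIG_USER_NS and states no such
# precondition for CVE-2014-7975.
triage() {
    if ! is_listed "$1"; then
        # Not proof of a fix: the page lists specific releases only.
        echo "not-in-page-list"; return 0
    fi
    case $(userns_state "$2") in
        y) echo "CVE-2014-7970:listed+userns CVE-2014-7975:listed" ;;
        n) echo "CVE-2014-7970:listed-no-userns CVE-2014-7975:listed" ;;
        *) echo "CVE-2014-7970:listed-userns-unknown CVE-2014-7975:listed" ;;
    esac
}

# Constructed sample input: a config fragment with user namespaces enabled.
sample=$(mktemp)
printf '%s\n' 'CONFIG_NAMESPACES=y' 'CONFIG_USER_NS=y' > "$sample"
triage "3.16.6-2-amd64" "$sample"
rm -f "$sample"
# The live host (distribution kernels may carry backported fixes):
triage "$(uname -r)" "/boot/config-$(uname -r)"
```

On systems that expose the build config at /proc/config.gz, pass that path as the second argument instead.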
Links:
1. https://git.kernel.org/…/?id=0d0826019e529f21c84687521d03f60cd241ca7d
http://seclists.org/oss-sec/2014/q4/228
2. http://git.kernel.org/…/?id=0ef3a56b1c466629cd0bf482b09c7b0e5a085bb5
http://seclists.org/oss-sec/2014/q4/229
Manufacturer URL: