CVE-2014-5206

Bug #1356318 reported by John Johansen
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Fix Released
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Fix Released
High
Unassigned
Xenial
Fix Released
High
Unassigned
linux-armadaxp (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-ec2 (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-flo (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-fsl-imx51 (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-goldfish (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-lts-backport-maverick (Ubuntu)
New
Undecided
Unassigned
Lucid
Won't Fix
Undecided
Unassigned
Precise
Won't Fix
Undecided
Unassigned
Trusty
New
Undecided
Unassigned
Utopic
Won't Fix
Undecided
Unassigned
Vivid
New
Undecided
Unassigned
Wily
New
Undecided
Unassigned
Xenial
New
Undecided
Unassigned
linux-lts-backport-natty (Ubuntu)
New
Undecided
Unassigned
Lucid
Won't Fix
Undecided
Unassigned
Precise
Won't Fix
Undecided
Unassigned
Trusty
New
Undecided
Unassigned
Utopic
Won't Fix
Undecided
Unassigned
Vivid
New
Undecided
Unassigned
Wily
New
Undecided
Unassigned
Xenial
New
Undecided
Unassigned
linux-lts-quantal (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-lts-raring (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-lts-saucy (Ubuntu)
Invalid
High
Unassigned
Precise
Won't Fix
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-lts-trusty (Ubuntu)
Invalid
High
Unassigned
Precise
Fix Released
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-lts-utopic (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-lts-vivid (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Fix Committed
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-mako (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-manta (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-mvl-dove (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-raspi2 (Ubuntu)
New
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
New
High
Unassigned
Xenial
New
High
Unassigned
linux-ti-omap4 (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned

Bug Description

The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount" command within a user namespace.

Break-Fix: 0c55cfc4166d9a0f38de779bd4d75a90afbe7734 a6138db815df5ee542d848318e5dae681590fccd
Break-Fix: 0c55cfc4166d9a0f38de779bd4d75a90afbe7734 07b645589dcda8b7a5249e096fece2a67556f0f4

CVE References

Revision history for this message
John Johansen (jjohansen) wrote :

CVE-2014-5206

tags: added: kernel-cve-tracking-bug
information type: Public → Public Security
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Utopic):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Trusty):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Utopic):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Trusty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Utopic):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Trusty):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Utopic):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Utopic):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Trusty):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Trusty):
importance: Undecided → High
Changed in linux (Ubuntu Precise):
importance: Undecided → High
Changed in linux (Ubuntu Lucid):
importance: Undecided → High
Changed in linux (Ubuntu Utopic):
importance: Undecided → High
Changed in linux (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Trusty):
importance: Undecided → High
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.16.0-8.13

---------------
linux (3.16.0-8.13) utopic; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1356403

  [ dann frazier ]

  * [debian] Allow for package revisions condusive for branching

  [ Upstream Kernel Changes ]

  * ahci_xgene: Fix the watermark threshold for the APM X-Gene SATA host controller driver.
    - LP: #1350087
  * ahci_xgene: Use correct OOB tunning parameters for APM X-Gene SoC AHCI SATA Host controller driver.
    - LP: #1350087
  * powerpc/powernv: Enable M64 aperatus for PHB3
    - LP: #1355469
  * powerpc: Fail remap_4k_pfn() if PFN doesn't fit inside PTE
    - LP: #1352994
  * powerpc: Add machine_early_initcall()
    - LP: #1352640
  * powerpc/powernv: Switch powernv drivers to use machine_xxx_initcall()
    - LP: #1352640
  * powerpc/eeh: Avoid event on passed PE
    - LP: #1352640
  * powerpc/eeh: EEH support for VFIO PCI device
    - LP: #1352640
  * powerpc/eeh: sysfs entries lost
    - LP: #1352640
  * powerpc/powernv: Fix IOMMU table for VFIO dev
    - LP: #1352640
  * powerpc/eeh: Fetch IOMMU table in reliable way
    - LP: #1352640
  * powerpc/eeh: Refactor EEH flag accessors
    - LP: #1352640
  * powerpc/eeh: Selectively enable IO for error log
    - LP: #1352640
  * powerpc/eeh: Reduce lines of log dump
    - LP: #1352640
  * powerpc/eeh: Replace pr_warning() with pr_warn()
    - LP: #1352640
  * powerpc/eeh: Make diag-data not endian dependent
    - LP: #1352640
  * powerpc/eeh: Aux PE data for error log
    - LP: #1352640
  * PCI: Support BAR sizes up to 128GB
    - LP: #1352640
  * powerpc/powernv: Allow to freeze PE
    - LP: #1352640
  * powerpc/powernv: Split ioda_eeh_get_state()
    - LP: #1352640
  * powerpc/powernv: Handle compound PE
    - LP: #1352640
  * powerpc/powernv: Handle compound PE for EEH
    - LP: #1352640
  * powerpc/powernv: Handle compound PE in config accessors
    - LP: #1352640
  * mnt: Only change user settable mount flags in remount
    - LP: #1356318
    - CVE-2014-5206
  * mnt: Move the test for MNT_LOCK_READONLY from change_mount_flags into do_remount
    - LP: #1356318
    - CVE-2014-5206
  * mnt: Correct permission checks in do_remount
    - LP: #1356323
    - CVE-2014-5207
  * mnt: Change the default remount atime from relatime to the existing value
    - LP: #1356323
    - CVE-2014-5207
 -- Tim Gardner <email address hidden> Sun, 10 Aug 2014 09:10:51 -0600

Changed in linux (Ubuntu Utopic):
status: New → Fix Released
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Invalid
Changed in linux (Ubuntu Precise):
status: New → Invalid
Changed in linux (Ubuntu Lucid):
status: New → Invalid
Changed in linux (Ubuntu Trusty):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Invalid
description: updated
Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
description: updated
Changed in linux-lts-saucy (Ubuntu Precise):
status: Invalid → Fix Committed
no longer affects: linux-lts-trusty (Ubuntu Lucid)
no longer affects: linux-armadaxp (Ubuntu Lucid)
no longer affects: linux-ec2 (Ubuntu Lucid)
no longer affects: linux-goldfish (Ubuntu Lucid)
no longer affects: linux-lts-saucy (Ubuntu Lucid)
no longer affects: linux-lts-quantal (Ubuntu Lucid)
no longer affects: linux-mvl-dove (Ubuntu Lucid)
no longer affects: linux-ti-omap4 (Ubuntu Lucid)
no longer affects: linux-lts-vivid (Ubuntu Lucid)
no longer affects: linux (Ubuntu Lucid)
no longer affects: linux-mako (Ubuntu Lucid)
no longer affects: linux-fsl-imx51 (Ubuntu Lucid)
no longer affects: linux-lts-utopic (Ubuntu Lucid)
no longer affects: linux-flo (Ubuntu Lucid)
no longer affects: linux-lts-raring (Ubuntu Lucid)
no longer affects: linux-manta (Ubuntu Lucid)
Changed in linux-lts-trusty (Ubuntu Precise):
status: New → Fix Released
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Trusty):
status: New → Fix Committed
importance: Undecided → High
Changed in linux-mako (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Revision history for this message
Rolf Leggewie (r0lf) wrote :

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Won't Fix
Steve Beattie (sbeattie)
no longer affects: linux-lts-trusty (Ubuntu Utopic)
no longer affects: linux-armadaxp (Ubuntu Utopic)
no longer affects: linux-ec2 (Ubuntu Utopic)
no longer affects: linux-goldfish (Ubuntu Utopic)
no longer affects: linux-lts-saucy (Ubuntu Utopic)
no longer affects: linux-lts-quantal (Ubuntu Utopic)
no longer affects: linux-raspi2 (Ubuntu Utopic)
no longer affects: linux-mvl-dove (Ubuntu Utopic)
no longer affects: linux-ti-omap4 (Ubuntu Utopic)
no longer affects: linux-lts-vivid (Ubuntu Utopic)
no longer affects: linux (Ubuntu Utopic)
no longer affects: linux-mako (Ubuntu Utopic)
no longer affects: linux-fsl-imx51 (Ubuntu Utopic)
no longer affects: linux-lts-utopic (Ubuntu Utopic)
no longer affects: linux-flo (Ubuntu Utopic)
no longer affects: linux-lts-raring (Ubuntu Utopic)
no longer affects: linux-manta (Ubuntu Utopic)
Changed in linux-raspi2 (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-raspi2 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-raspi2 (Ubuntu Wily):
importance: Undecided → High
Changed in linux-raspi2 (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Steve Beattie (sbeattie)
Changed in linux-raspi2 (Ubuntu Xenial):
importance: Undecided → High
Revision history for this message
Rolf Leggewie (r0lf) wrote :

utopic has seen the end of its life and is no longer receiving any updates. Marking the utopic task for this ticket as "Won't Fix".

Changed in linux-lts-backport-maverick (Ubuntu Utopic):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Utopic):
status: New → Won't Fix
Revision history for this message
Steve Langasek (vorlon) wrote :

The Precise Pangolin has reached end of life, so this bug will not be fixed for that release

Changed in linux-lts-saucy (Ubuntu Precise):
status: Fix Committed → Won't Fix
Steve Langasek (vorlon)
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.