CVE-2014-5206

Bug #1356318 reported by John Johansen on 2014-08-13
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-armadaxp (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-ec2 (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-flo (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-fsl-imx51 (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-goldfish (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-lts-backport-maverick (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Trusty
Undecided
Unassigned
Utopic
Undecided
Unassigned
Vivid
Undecided
Unassigned
Wily
Undecided
Unassigned
Xenial
Undecided
Unassigned
linux-lts-backport-natty (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Trusty
Undecided
Unassigned
Utopic
Undecided
Unassigned
Vivid
Undecided
Unassigned
Wily
Undecided
Unassigned
Xenial
Undecided
Unassigned
linux-lts-quantal (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-lts-raring (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-lts-saucy (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-lts-trusty (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-lts-utopic (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-lts-vivid (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-mako (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-manta (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-mvl-dove (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-raspi2 (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-ti-omap4 (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned

Bug Description

The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount" command within a user namespace.

Break-Fix: 0c55cfc4166d9a0f38de779bd4d75a90afbe7734 a6138db815df5ee542d848318e5dae681590fccd
Break-Fix: 0c55cfc4166d9a0f38de779bd4d75a90afbe7734 07b645589dcda8b7a5249e096fece2a67556f0f4

CVE References

John Johansen (jjohansen) wrote :

CVE-2014-5206

tags: added: kernel-cve-tracking-bug
information type: Public → Public Security
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Utopic):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Trusty):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Utopic):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Trusty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Utopic):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Trusty):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Utopic):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Utopic):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Trusty):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Trusty):
importance: Undecided → High
Changed in linux (Ubuntu Precise):
importance: Undecided → High
Changed in linux (Ubuntu Lucid):
importance: Undecided → High
Changed in linux (Ubuntu Utopic):
importance: Undecided → High
Changed in linux (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Trusty):
importance: Undecided → High
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.16.0-8.13

---------------
linux (3.16.0-8.13) utopic; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1356403

  [ dann frazier ]

  * [debian] Allow for package revisions condusive for branching

  [ Upstream Kernel Changes ]

  * ahci_xgene: Fix the watermark threshold for the APM X-Gene SATA host controller driver.
    - LP: #1350087
  * ahci_xgene: Use correct OOB tunning parameters for APM X-Gene SoC AHCI SATA Host controller driver.
    - LP: #1350087
  * powerpc/powernv: Enable M64 aperatus for PHB3
    - LP: #1355469
  * powerpc: Fail remap_4k_pfn() if PFN doesn't fit inside PTE
    - LP: #1352994
  * powerpc: Add machine_early_initcall()
    - LP: #1352640
  * powerpc/powernv: Switch powernv drivers to use machine_xxx_initcall()
    - LP: #1352640
  * powerpc/eeh: Avoid event on passed PE
    - LP: #1352640
  * powerpc/eeh: EEH support for VFIO PCI device
    - LP: #1352640
  * powerpc/eeh: sysfs entries lost
    - LP: #1352640
  * powerpc/powernv: Fix IOMMU table for VFIO dev
    - LP: #1352640
  * powerpc/eeh: Fetch IOMMU table in reliable way
    - LP: #1352640
  * powerpc/eeh: Refactor EEH flag accessors
    - LP: #1352640
  * powerpc/eeh: Selectively enable IO for error log
    - LP: #1352640
  * powerpc/eeh: Reduce lines of log dump
    - LP: #1352640
  * powerpc/eeh: Replace pr_warning() with pr_warn()
    - LP: #1352640
  * powerpc/eeh: Make diag-data not endian dependent
    - LP: #1352640
  * powerpc/eeh: Aux PE data for error log
    - LP: #1352640
  * PCI: Support BAR sizes up to 128GB
    - LP: #1352640
  * powerpc/powernv: Allow to freeze PE
    - LP: #1352640
  * powerpc/powernv: Split ioda_eeh_get_state()
    - LP: #1352640
  * powerpc/powernv: Handle compound PE
    - LP: #1352640
  * powerpc/powernv: Handle compound PE for EEH
    - LP: #1352640
  * powerpc/powernv: Handle compound PE in config accessors
    - LP: #1352640
  * mnt: Only change user settable mount flags in remount
    - LP: #1356318
    - CVE-2014-5206
  * mnt: Move the test for MNT_LOCK_READONLY from change_mount_flags into do_remount
    - LP: #1356318
    - CVE-2014-5206
  * mnt: Correct permission checks in do_remount
    - LP: #1356323
    - CVE-2014-5207
  * mnt: Change the default remount atime from relatime to the existing value
    - LP: #1356323
    - CVE-2014-5207
 -- Tim Gardner <email address hidden> Sun, 10 Aug 2014 09:10:51 -0600

Changed in linux (Ubuntu Utopic):
status: New → Fix Released
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Invalid
Changed in linux (Ubuntu Precise):
status: New → Invalid
Changed in linux (Ubuntu Lucid):
status: New → Invalid
Changed in linux (Ubuntu Trusty):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Invalid
description: updated
Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
description: updated
Changed in linux-lts-saucy (Ubuntu Precise):
status: Invalid → Fix Committed
no longer affects: linux-lts-trusty (Ubuntu Lucid)
no longer affects: linux-armadaxp (Ubuntu Lucid)
no longer affects: linux-ec2 (Ubuntu Lucid)
no longer affects: linux-goldfish (Ubuntu Lucid)
no longer affects: linux-lts-saucy (Ubuntu Lucid)
no longer affects: linux-lts-quantal (Ubuntu Lucid)
no longer affects: linux-mvl-dove (Ubuntu Lucid)
no longer affects: linux-ti-omap4 (Ubuntu Lucid)
no longer affects: linux-lts-vivid (Ubuntu Lucid)
no longer affects: linux (Ubuntu Lucid)
no longer affects: linux-mako (Ubuntu Lucid)
no longer affects: linux-fsl-imx51 (Ubuntu Lucid)
no longer affects: linux-lts-utopic (Ubuntu Lucid)
no longer affects: linux-flo (Ubuntu Lucid)
no longer affects: linux-lts-raring (Ubuntu Lucid)
no longer affects: linux-manta (Ubuntu Lucid)
Changed in linux-lts-trusty (Ubuntu Precise):
status: New → Fix Released
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Trusty):
status: New → Fix Committed
importance: Undecided → High
Changed in linux-mako (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Rolf Leggewie (r0lf) wrote :

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Won't Fix
Steve Beattie (sbeattie) on 2016-01-27
no longer affects: linux-lts-trusty (Ubuntu Utopic)
no longer affects: linux-armadaxp (Ubuntu Utopic)
no longer affects: linux-ec2 (Ubuntu Utopic)
no longer affects: linux-goldfish (Ubuntu Utopic)
no longer affects: linux-lts-saucy (Ubuntu Utopic)
no longer affects: linux-lts-quantal (Ubuntu Utopic)
no longer affects: linux-raspi2 (Ubuntu Utopic)
no longer affects: linux-mvl-dove (Ubuntu Utopic)
no longer affects: linux-ti-omap4 (Ubuntu Utopic)
no longer affects: linux-lts-vivid (Ubuntu Utopic)
no longer affects: linux (Ubuntu Utopic)
no longer affects: linux-mako (Ubuntu Utopic)
no longer affects: linux-fsl-imx51 (Ubuntu Utopic)
no longer affects: linux-lts-utopic (Ubuntu Utopic)
no longer affects: linux-flo (Ubuntu Utopic)
no longer affects: linux-lts-raring (Ubuntu Utopic)
no longer affects: linux-manta (Ubuntu Utopic)
Changed in linux-raspi2 (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-raspi2 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-raspi2 (Ubuntu Wily):
importance: Undecided → High
Changed in linux-raspi2 (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Steve Beattie (sbeattie) on 2016-01-27
Changed in linux-raspi2 (Ubuntu Xenial):
importance: Undecided → High
Rolf Leggewie (r0lf) wrote :

utopic has seen the end of its life and is no longer receiving any updates. Marking the utopic task for this ticket as "Won't Fix".

Changed in linux-lts-backport-maverick (Ubuntu Utopic):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Utopic):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers