[v3.0] kernel: fs: missing permission check to do_umount (CVE-2014-7975)
The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call.
•MLIST:[oss-security] 20141008 CVE-2014-7975: 0-day umount denial of
service
•URL: http://www.openwall.com/lists/oss-security/2014/10/08/22
•MLIST:[stable] 20141008 [PATCH] fs: Add a missing permission check
to do_umount
•URL: http://thread.gmane.org/gmane.linux.kernel.stable/109312
•CONFIRM: https://bugzilla.redhat.com/show\_bug.cgi?id=1151108
•CONFIRM:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ef3a56b1c466629cd0bf482b09c7b0e5a085bb5
•BID:70314
•URL: http://www.securityfocus.com/bid/70314
•SECUNIA:61145
•URL: http://secunia.com/advisories/61145
•XF:linux-kernel-cve20147975-dos(96994)
•URL: http://xforce.iss.net/xforce/xfdb/96994
(from redmine: issue id 3512, created on 2014-11-12, closed on 2017-09-05)
- Relations:
- parent #3508