Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Local

0

CVE-2014-7970

Disclosure Date: October 13, 2014 •

CVE-2014-7970 CVSS v3 Base Score: 5.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.5 Medium

Impact Score:

3.6

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

Products

References

Canonical

CVE-2014-7970 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7970)

BID-70319 (http://www.securityfocus.com/bid/70319)

Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=0d0826019e529f21c84687521d03f60cd241ca7d

USN-2419-1 (http://www.ubuntu.com/usn/USN-2419-1)

USN-2514-1 (http://www.ubuntu.com/usn/USN-2514-1)

https://bugzilla.redhat.com/show_bug.cgi?id=1151095

SECUNIA-60174 (http://secunia.com/advisories/60174)

[oss-security] 20141008 CVE-2014-7970: Linux VFS denial of service (http://www.openwall.com/lists/oss-security/2014/10/08/21)

USN-2420-1 (http://www.ubuntu.com/usn/USN-2420-1)

https://access.redhat.com/errata/RHSA-2017:2077

[linux-fsdevel] 20141008 [PATCH] mnt: Prevent pivot_root from creating a loop in the mount tree (http://www.spinics.net/lists/linux-fsdevel/msg79153.html)

https://access.redhat.com/errata/RHSA-2017:1842

XF-linux-kernel-cve20147970-dos(96921) (https://exchange.xforce.ibmcloud.com/vulnerabilities/96921)

USN-2513-1 (http://www.ubuntu.com/usn/USN-2513-1)

SECUNIA-61142 (http://secunia.com/advisories/61142)

SECTRACK-1030991 (http://www.securitytracker.com/id/1030991)

Rapid7

Technical Analysis