CVE-2014-4014

Linux kernel <3.14.8 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-4014. PoCs published by Vitaly Nikolenko, vnik5287.

AI-analyzed exploit summary This exploit leverages CVE-2014-4014, a Linux kernel vulnerability in user namespace handling, to escalate privileges by manipulating file permissions via a cloned process with CLONE_NEWUSER. The PoC sets the setgid bit on a specified file.

Description

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Vitaly Nikolenko · clocallinux
https://www.exploit-db.com/exploits/33824

This exploit leverages CVE-2014-4014, a Linux kernel vulnerability in user namespace handling, to escalate privileges by manipulating file permissions via a cloned process with CLONE_NEWUSER. The PoC sets the setgid bit on a specified file.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Linux Kernel (versions affected by CVE-2014-4014)
No auth needed
Prerequisites: Local access to the system · Kernel version vulnerable to CVE-2014-4014
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 2 stars
by vnik5287 · poc
https://github.com/vnik5287/cve-2014-4014-privesc

This PoC exploits CVE-2014-4014, a Linux kernel local privilege escalation vulnerability via user namespace manipulation. It uses clone() with CLONE_NEWUSER to create a child process with altered UID mappings, allowing it to set the setgid bit on arbitrary files.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Linux Kernel (versions affected by CVE-2014-4014)
No auth needed
Prerequisites: Linux system with vulnerable kernel · User namespace support enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67988
Third Party Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2016-12-01.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030394
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/33824
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59220
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1107966
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/06/10/4

Scores

EPSS 0.0359
EPSS Percentile 88.1%

Details

CWE
CWE-264
Status published
Products (1)
linux/linux_kernel < 3.14.8
Published Jun 23, 2014
Tracked Since Feb 18, 2026