CVE-2014-7970
MEDIUMLinux Kernel < 3.17 - Denial of Service via pivot_root Chroot Directory Handling
Title source: llmDescription
The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call.
References (16)
Core 16
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/70319
Mailing List, Patch, Vendor Advisory x_refsource_confirm
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0826019e529f21c84687521d03f60cd241ca7d
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2419-1
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2514-1
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1151095
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/60174
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/10/08/21
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2420-1
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2077
Exploit, Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.spinics.net/lists/linux-fsdevel/msg79153.html
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1842
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/96921
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2513-1
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/61142
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030991
Scores
CVSS v3
5.5
EPSS
0.0004
EPSS Percentile
13.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (4)
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
linux/linux_kernel
< 3.17
novell/suse_linux_enterprise_server
11.0 sp3
Published
Oct 13, 2014
Tracked Since
Feb 18, 2026