CVE-2015-4177

Опубликовано: 01 июл. 2015

Источник: redhat

CVSS2: 4.9

Описание

The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call.

A flaw was discovered in the kernel's collect_mounts function. If the kernel's audit subsystem called collect_mounts to audit an unmounted path, it could panic the system. With this flaw, an unprivileged user could call umount(MNT_DETACH) to launch a denial-of-service attack.

Отчет

This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6, MRG-2, realtime and arm-kernels. The issue is not currently planned to be addressed in Red Hat Enterprise Linux 7.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 4	kernel	Not affected
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Will not fix
Red Hat Enterprise Linux 7	kernel-rt	Will not fix
Red Hat Enterprise MRG 2	realtime-kernel	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1248486kernel: Race conditions in collect_mounts

4.9 Medium

CVSS2

Связанные уязвимости

CVE-2015-4177

CVSS3: 5.5

ubuntu

почти 10 лет назад

CVE-2015-4177

CVSS3: 5.5

nvd

почти 10 лет назад

CVE-2015-4177

CVSS3: 5.5

debian

почти 10 лет назад

The collect_mounts function in fs/namespace.c in the Linux kernel befo ...

GHSA-jwg7-7w82-9rvq

CVSS3: 5.5

github

больше 3 лет назад

4.9 Medium

CVSS2