CVE 2014-5207
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace.
Related bugs and status
CVE-2014-5207 (Candidate) is related to these bugs:
Bug #1350087: ahci-xgene stability improvements
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1350087 | ahci-xgene stability improvements | linux (Ubuntu) | High | Fix Released | ||
| 1350087 | ahci-xgene stability improvements | linux (Ubuntu Trusty) | Undecided | Fix Released | ||
Bug #1352640: Huge PCI BAR support needed for Ubuntu 14.10
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1352640 | Huge PCI BAR support needed for Ubuntu 14.10 | linux (Ubuntu) | Medium | Fix Released | ||
| 1352640 | Huge PCI BAR support needed for Ubuntu 14.10 | linux (Ubuntu Utopic) | Medium | Fix Released | ||
Bug #1352994: remap_4K_pfn() safety improvement needed for Ubuntu 14.10
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1352994 | remap_4K_pfn() safety improvement needed for Ubuntu 14.10 | linux (Ubuntu) | Medium | Fix Released | ||
| 1352994 | remap_4K_pfn() safety improvement needed for Ubuntu 14.10 | linux (Ubuntu Utopic) | Medium | Fix Released | ||
Bug #1355469: large bar patch for 14.10's kernel
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1355469 | large bar patch for 14.10's kernel | linux (Ubuntu) | Undecided | Fix Released | ||
| 1355469 | large bar patch for 14.10's kernel | linux (Ubuntu Utopic) | Undecided | Fix Released | ||
Bug #1356318: CVE-2014-5206
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1356318 | CVE-2014-5206 | linux (Ubuntu) | High | Fix Released | ||
| 1356318 | CVE-2014-5206 | linux-fsl-imx51 (Ubuntu) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-mvl-dove (Ubuntu) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-lts-backport-maverick (Ubuntu) | Undecided | New | ||
| 1356318 | CVE-2014-5206 | linux-lts-backport-natty (Ubuntu) | Undecided | New | ||
| 1356318 | CVE-2014-5206 | linux-ti-omap4 (Ubuntu) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-ec2 (Ubuntu) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-lts-backport-maverick (Ubuntu Utopic) | Undecided | Won't Fix | ||
| 1356318 | CVE-2014-5206 | linux-lts-backport-natty (Ubuntu Utopic) | Undecided | Won't Fix | ||
| 1356318 | CVE-2014-5206 | linux (Ubuntu Trusty) | High | Fix Released | ||
| 1356318 | CVE-2014-5206 | linux-ec2 (Ubuntu Trusty) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-fsl-imx51 (Ubuntu Trusty) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-lts-backport-maverick (Ubuntu Trusty) | Undecided | New | ||
| 1356318 | CVE-2014-5206 | linux-lts-backport-natty (Ubuntu Trusty) | Undecided | New | ||
| 1356318 | CVE-2014-5206 | linux-mvl-dove (Ubuntu Trusty) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-ti-omap4 (Ubuntu Trusty) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux (Ubuntu Precise) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-ec2 (Ubuntu Precise) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-fsl-imx51 (Ubuntu Precise) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-lts-backport-maverick (Ubuntu Precise) | Undecided | Won't Fix | ||
| 1356318 | CVE-2014-5206 | linux-lts-backport-natty (Ubuntu Precise) | Undecided | Won't Fix | ||
| 1356318 | CVE-2014-5206 | linux-mvl-dove (Ubuntu Precise) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-ti-omap4 (Ubuntu Precise) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-lts-backport-maverick (Ubuntu Lucid) | Undecided | Won't Fix | ||
| 1356318 | CVE-2014-5206 | linux-lts-backport-natty (Ubuntu Lucid) | Undecided | Won't Fix | ||
| 1356318 | CVE-2014-5206 | linux-armadaxp (Ubuntu) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-armadaxp (Ubuntu Precise) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-armadaxp (Ubuntu Trusty) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-lts-saucy (Ubuntu) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-lts-saucy (Ubuntu Precise) | High | Won't Fix | ||
| 1356318 | CVE-2014-5206 | linux-lts-saucy (Ubuntu Trusty) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-lts-quantal (Ubuntu) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-lts-quantal (Ubuntu Precise) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-lts-quantal (Ubuntu Trusty) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-lts-raring (Ubuntu) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-lts-raring (Ubuntu Precise) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-lts-raring (Ubuntu Trusty) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-lts-trusty (Ubuntu) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-lts-trusty (Ubuntu Precise) | High | Fix Released | ||
| 1356318 | CVE-2014-5206 | linux-lts-trusty (Ubuntu Trusty) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux (Ubuntu Vivid) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-armadaxp (Ubuntu Vivid) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-ec2 (Ubuntu Vivid) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-fsl-imx51 (Ubuntu Vivid) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-lts-backport-maverick (Ubuntu Vivid) | Undecided | New | ||
| 1356318 | CVE-2014-5206 | linux-lts-backport-natty (Ubuntu Vivid) | Undecided | New | ||
| 1356318 | CVE-2014-5206 | linux-lts-quantal (Ubuntu Vivid) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-lts-raring (Ubuntu Vivid) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-lts-saucy (Ubuntu Vivid) | High | Invalid | ||
| 1356318 | CVE-2014-5206 | linux-lts-trusty (Ubuntu Vivid) | High | Invalid | ||
Bug #1356323: CVE-2014-5207
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1356323 | CVE-2014-5207 | linux (Ubuntu) | High | Fix Released | ||
| 1356323 | CVE-2014-5207 | linux-fsl-imx51 (Ubuntu) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-mvl-dove (Ubuntu) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-lts-backport-maverick (Ubuntu) | Undecided | New | ||
| 1356323 | CVE-2014-5207 | linux-lts-backport-natty (Ubuntu) | Undecided | New | ||
| 1356323 | CVE-2014-5207 | linux-ti-omap4 (Ubuntu) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-ec2 (Ubuntu) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-lts-backport-maverick (Ubuntu Utopic) | Undecided | Won't Fix | ||
| 1356323 | CVE-2014-5207 | linux-lts-backport-natty (Ubuntu Utopic) | Undecided | Won't Fix | ||
| 1356323 | CVE-2014-5207 | linux (Ubuntu Trusty) | High | Fix Released | ||
| 1356323 | CVE-2014-5207 | linux-ec2 (Ubuntu Trusty) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-fsl-imx51 (Ubuntu Trusty) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-lts-backport-maverick (Ubuntu Trusty) | Undecided | New | ||
| 1356323 | CVE-2014-5207 | linux-lts-backport-natty (Ubuntu Trusty) | Undecided | New | ||
| 1356323 | CVE-2014-5207 | linux-mvl-dove (Ubuntu Trusty) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-ti-omap4 (Ubuntu Trusty) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux (Ubuntu Precise) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-ec2 (Ubuntu Precise) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-fsl-imx51 (Ubuntu Precise) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-lts-backport-maverick (Ubuntu Precise) | Undecided | Won't Fix | ||
| 1356323 | CVE-2014-5207 | linux-lts-backport-natty (Ubuntu Precise) | Undecided | Won't Fix | ||
| 1356323 | CVE-2014-5207 | linux-mvl-dove (Ubuntu Precise) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-ti-omap4 (Ubuntu Precise) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-lts-backport-maverick (Ubuntu Lucid) | Undecided | Won't Fix | ||
| 1356323 | CVE-2014-5207 | linux-lts-backport-natty (Ubuntu Lucid) | Undecided | Won't Fix | ||
| 1356323 | CVE-2014-5207 | linux-armadaxp (Ubuntu) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-armadaxp (Ubuntu Precise) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-armadaxp (Ubuntu Trusty) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-lts-saucy (Ubuntu) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-lts-saucy (Ubuntu Precise) | High | Won't Fix | ||
| 1356323 | CVE-2014-5207 | linux-lts-saucy (Ubuntu Trusty) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-lts-quantal (Ubuntu) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-lts-quantal (Ubuntu Precise) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-lts-quantal (Ubuntu Trusty) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-lts-raring (Ubuntu) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-lts-raring (Ubuntu Precise) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-lts-raring (Ubuntu Trusty) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-lts-trusty (Ubuntu) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-lts-trusty (Ubuntu Precise) | High | Fix Released | ||
| 1356323 | CVE-2014-5207 | linux-lts-trusty (Ubuntu Trusty) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux (Ubuntu Vivid) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-armadaxp (Ubuntu Vivid) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-ec2 (Ubuntu Vivid) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-fsl-imx51 (Ubuntu Vivid) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-lts-backport-maverick (Ubuntu Vivid) | Undecided | New | ||
| 1356323 | CVE-2014-5207 | linux-lts-backport-natty (Ubuntu Vivid) | Undecided | New | ||
| 1356323 | CVE-2014-5207 | linux-lts-quantal (Ubuntu Vivid) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-lts-raring (Ubuntu Vivid) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-lts-saucy (Ubuntu Vivid) | High | Invalid | ||
| 1356323 | CVE-2014-5207 | linux-lts-trusty (Ubuntu Vivid) | High | Invalid | ||
Bug #1356396: linux: 3.13.0-34.60 -proposed tracker
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1356396 | linux: 3.13.0-34.60 -proposed tracker | linux (Ubuntu) | Undecided | Invalid | ||
| 1356396 | linux: 3.13.0-34.60 -proposed tracker | linux (Ubuntu Trusty) | Medium | Fix Released | ||
| 1356396 | linux: 3.13.0-34.60 -proposed tracker | Kernel SRU Workflow | Medium | Fix Released | ||
| 1356396 | linux: 3.13.0-34.60 -proposed tracker | Kernel SRU Workflow certification-testing | Medium | Invalid | ||
| 1356396 | linux: 3.13.0-34.60 -proposed tracker | Kernel SRU Workflow automated-testing | Medium | Invalid | ||
| 1356396 | linux: 3.13.0-34.60 -proposed tracker | Kernel SRU Workflow prepare-package | Medium | Fix Released | ||
| 1356396 | linux: 3.13.0-34.60 -proposed tracker | Kernel SRU Workflow prepare-package-meta | Medium | Fix Released | ||
| 1356396 | linux: 3.13.0-34.60 -proposed tracker | Kernel SRU Workflow prepare-package-signed | Medium | Fix Released | ||
| 1356396 | linux: 3.13.0-34.60 -proposed tracker | Kernel SRU Workflow promote-to-proposed | Medium | Fix Released | ||
| 1356396 | linux: 3.13.0-34.60 -proposed tracker | Kernel SRU Workflow promote-to-security | Medium | Fix Released | ||
| 1356396 | linux: 3.13.0-34.60 -proposed tracker | Kernel SRU Workflow promote-to-updates | Medium | Fix Released | ||
| 1356396 | linux: 3.13.0-34.60 -proposed tracker | Kernel SRU Workflow regression-testing | Medium | Invalid | ||
| 1356396 | linux: 3.13.0-34.60 -proposed tracker | Kernel SRU Workflow security-signoff | Medium | Fix Released | ||
| 1356396 | linux: 3.13.0-34.60 -proposed tracker | Kernel SRU Workflow verification-testing | Medium | Fix Released | ||
Bug #1356403: linux: 3.16.0-8.13 -proposed tracker
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1356403 | linux: 3.16.0-8.13 -proposed tracker | linux (Ubuntu) | Medium | Fix Released | ||
| 1356403 | linux: 3.16.0-8.13 -proposed tracker | linux (Ubuntu Utopic) | Medium | Fix Released | ||
| 1356403 | linux: 3.16.0-8.13 -proposed tracker | Kernel Development Workflow | Medium | Fix Released | ||
| 1356403 | linux: 3.16.0-8.13 -proposed tracker | Kernel Development Workflow automated-testing | Medium | Won't Fix | ||
| 1356403 | linux: 3.16.0-8.13 -proposed tracker | Kernel Development Workflow prepare-package | Medium | Fix Released | ||
| 1356403 | linux: 3.16.0-8.13 -proposed tracker | Kernel Development Workflow prepare-package-meta | Medium | Fix Released | ||
| 1356403 | linux: 3.16.0-8.13 -proposed tracker | Kernel Development Workflow prepare-package-signed | Medium | Fix Released | ||
| 1356403 | linux: 3.16.0-8.13 -proposed tracker | Kernel Development Workflow promote-to-release | Medium | Fix Released | ||
Bug #1358344: linux-keystone: 3.13.0-10.15 -proposed tracker
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1358344 | linux-keystone: 3.13.0-10.15 -proposed tracker | linux-keystone (Ubuntu) | Medium | Invalid | ||
| 1358344 | linux-keystone: 3.13.0-10.15 -proposed tracker | linux-keystone (Ubuntu Trusty) | Medium | Fix Released | ||
| 1358344 | linux-keystone: 3.13.0-10.15 -proposed tracker | Kernel SRU Workflow | Medium | Fix Released | ||
| 1358344 | linux-keystone: 3.13.0-10.15 -proposed tracker | Kernel SRU Workflow certification-testing | Medium | Invalid | ||
| 1358344 | linux-keystone: 3.13.0-10.15 -proposed tracker | Kernel SRU Workflow automated-testing | Medium | Won't Fix | ||
| 1358344 | linux-keystone: 3.13.0-10.15 -proposed tracker | Kernel SRU Workflow prepare-package | Medium | Fix Released | ||
| 1358344 | linux-keystone: 3.13.0-10.15 -proposed tracker | Kernel SRU Workflow prepare-package-meta | Medium | Fix Released | ||
| 1358344 | linux-keystone: 3.13.0-10.15 -proposed tracker | Kernel SRU Workflow promote-to-proposed | Medium | Fix Released | ||
| 1358344 | linux-keystone: 3.13.0-10.15 -proposed tracker | Kernel SRU Workflow promote-to-security | Medium | Fix Released | ||
| 1358344 | linux-keystone: 3.13.0-10.15 -proposed tracker | Kernel SRU Workflow promote-to-updates | Medium | Fix Released | ||
| 1358344 | linux-keystone: 3.13.0-10.15 -proposed tracker | Kernel SRU Workflow regression-testing | Medium | Fix Released | ||
| 1358344 | linux-keystone: 3.13.0-10.15 -proposed tracker | Kernel SRU Workflow security-signoff | Medium | Invalid | ||
| 1358344 | linux-keystone: 3.13.0-10.15 -proposed tracker | Kernel SRU Workflow upload-to-ppa | Medium | Invalid | ||
| 1358344 | linux-keystone: 3.13.0-10.15 -proposed tracker | Kernel SRU Workflow verification-testing | Medium | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
