CVE-2014-8989

Severity

Theme

CVE-2014-8989

medium

New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a "negative groups" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c.

ID	Name	Product	Family	Severity
127146	NewStart CGSL MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0004)	Nessus	NewStart CGSL Local Security Checks	critical
124974	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1521)	Nessus	Huawei Local Security Checks	critical
99163	OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)	Nessus	OracleVM Local Security Checks	critical
88605	openSUSE Security Update : the Linux Kernel (openSUSE-2016-136)	Nessus	SuSE Local Security Checks	high
88545	openSUSE Security Update : the Linux Kernel (openSUSE-2016-124)	Nessus	SuSE Local Security Checks	high
85188	OracleVM 3.3 : kernel-uek (OVMSA-2015-0109)	Nessus	OracleVM Local Security Checks	critical
85177	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3064)	Nessus	Oracle Linux Local Security Checks	medium
81941	Mandriva Linux Security Advisory : kernel (MDVSA-2015:058)	Nessus	Mandriva Local Security Checks	high
81646	Ubuntu 14.04 LTS : linux vulnerabilities (USN-2516-3)	Nessus	Ubuntu Local Security Checks	medium
81645	Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-2)	Nessus	Ubuntu Local Security Checks	medium
81590	Ubuntu 14.04 LTS : linux vulnerability (USN-2516-2)	Nessus	Ubuntu Local Security Checks	medium
81571	Ubuntu 14.10 : linux vulnerabilities (USN-2518-1)	Nessus	Ubuntu Local Security Checks	medium
81570	Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2517-1)	Nessus	Ubuntu Local Security Checks	medium
81569	Ubuntu 14.04 LTS : linux vulnerabilities (USN-2516-1)	Nessus	Ubuntu Local Security Checks	medium
81568	Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-1)	Nessus	Ubuntu Local Security Checks	medium
81322	Amazon Linux AMI : kernel (ALAS-2015-476)	Nessus	Amazon Linux Local Security Checks	high
80465	Fedora 20 : kernel-3.17.8-200.fc20 (2015-0515)	Nessus	Fedora Local Security Checks	high
80452	Fedora 21 : kernel-3.17.8-300.fc21 (2015-0517)	Nessus	Fedora Local Security Checks	high

CVE-2014-8989

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical

critical

high

high

critical

medium

high

medium

medium

medium

medium

medium

medium

medium

high

high

high