CVE-2014-9922

HIGH

Description

The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=69c433ed2ecd2d3264efd7afec4439524b319121

http://source.android.com/security/bulletin/2017-04-01.html

http://www.securityfocus.com/bid/97354

http://www.securitytracker.com/id/1038201

https://github.com/torvalds/linux/commit/69c433ed2ecd2d3264efd7afec4439524b319121

Details

Source: MITRE

Published: 2017-04-04

Updated: 2017-07-11

Type: CWE-264

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 3.17.8 (inclusive)

Configuration 2

OR

cpe:2.3:o:google:android:*:*:*:*:*:*:*:* versions up to 7.1.1 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 124977 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1524) | Nessus | Huawei Local Security Checks | high |
| 124809 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1485) | Nessus | Huawei Local Security Checks | high |
| 103110 | SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2389-1) (Stack Clash) | Nessus | SuSE Local Security Checks | high |