Vulnerability CVE-2014-9922

Vulnerability Name:

CVE-2014-9922 (CCN-131451)

Assigned:

2017-03-01

Published:

2017-03-01

Updated:

2017-07-11

Summary:

The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-264

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2014-9922

Source: CONFIRM
Type: Issue Tracking, Patch, Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=69c433ed2ecd2d3264efd7afec4439524b319121

Source: CONFIRM
Type: Patch, Third Party Advisory
http://source.android.com/security/bulletin/2017-04-01.html

Source: BID
Type: Third Party Advisory, VDB Entry
97354

Source: CCN
Type: BID-97354
Linux Kernel CVE-2014-9922 Multiple Local Privilege Escalation Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1038201

Source: XF
Type: UNKNOWN
linux-kernel-cve20149922-priv-esc(131451)

Source: CONFIRM
Type: Issue Tracking, Patch, Third Party Advisory
https://github.com/torvalds/linux/commit/69c433ed2ecd2d3264efd7afec4439524b319121

Source: CCN
Type: Android Open Source Project
Android Security BulletinApril 2017

Source: CCN
Type: Linux Kernel Web site
The Linux Kernel Archives

Vulnerable Configuration:

Configuration 1:

cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 3.17.8)

Configuration 2:

cpe:/o:google:android:*:*:*:*:*:*:*:* (Version <= 7.1.1)

Configuration CCN 1:

cpe:/o:linux:linux_kernel:3.17:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20149922	V	CVE-2014-9922	2023-02-11
oval:org.opensuse.security:def:34620	P	Security update for kernel-firmware (Low)	2021-12-30
oval:org.opensuse.security:def:31330	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:34004	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:30265	P	Security update for pcre (Moderate)	2021-11-10
oval:org.opensuse.security:def:31286	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-10-18
oval:org.opensuse.security:def:35269	P	Security update for python-reportlab (Moderate)	2021-09-23
oval:org.opensuse.security:def:33715	P	Security update for mariadb (Moderate)	2021-09-09
oval:org.opensuse.security:def:34536	P	Security update for mariadb (Moderate)	2021-09-09
oval:org.opensuse.security:def:31265	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:34525	P	Security update for gstreamer-plugins-good (Moderate)	2021-09-02
oval:org.opensuse.security:def:34524	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:31226	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:33947	P	Security update for curl (Moderate)	2021-07-21
oval:org.opensuse.security:def:30210	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:34421	P	Security update for java-1_7_0-openjdk (Moderate)	2021-04-29
oval:org.opensuse.security:def:33632	P	Security update for glibc (Important)	2021-04-13
oval:org.opensuse.security:def:30057	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)	2021-04-12
oval:org.opensuse.security:def:34465	P	Security update for mutt (Moderate)	2021-01-22
oval:org.opensuse.security:def:31177	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:33621	P	Security update for openssl-1_0_0 (Important)	2020-12-09
oval:org.opensuse.security:def:33620	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:31091	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:32006	P	Security update for mutt (Important)	2020-12-07
oval:org.opensuse.security:def:29300	P	Security update for python-cryptography (Moderate)	2020-12-04
oval:org.opensuse.security:def:36017	P	perl-spamassassin-3.3.1-10.8.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:36058	P	xdg-utils-1.0.2-36.18 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:34855	P	Security update for cairo (Moderate)	2020-12-01
oval:org.opensuse.security:def:35220	P	Security update for libksba (Moderate)	2020-12-01
oval:org.opensuse.security:def:35379	P	Security update for ntp (Moderate)	2020-12-01
oval:org.opensuse.security:def:26710	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26994	P	nagios on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27339	P	xterm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27485	P	libsnmp15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27563	P	rubygem-rdoc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27767	P	Security update for IBM Java	2020-12-01
oval:org.opensuse.security:def:28141	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:28296	P	Security update for ncurses (Important)	2020-12-01
oval:org.opensuse.security:def:27914	P	Security update for xfsprogs (Moderate)	2020-12-01
oval:org.opensuse.security:def:28267	P	Security update for mercurial (Moderate)	2020-12-01
oval:org.opensuse.security:def:28560	P	Security update for hplip	2020-12-01
oval:org.opensuse.security:def:29294	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27856	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28189	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28527	P	Security update for wget (Moderate)	2020-12-01
oval:org.opensuse.security:def:29264	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:29611	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:29914	P	Security update for libcdio (Low)	2020-12-01
oval:org.opensuse.security:def:30416	P	Security update for xorg-x11-libXext	2020-12-01
oval:org.opensuse.security:def:30514	P	Security update for freetype2	2020-12-01
oval:org.opensuse.security:def:30732	P	Security update for OpenEXR (Moderate)	2020-12-01
oval:org.opensuse.security:def:31121	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:34093	P	Security update for microcode_ctl (Important)	2020-12-01
oval:org.opensuse.security:def:34396	P	Security update for unzip (Moderate)	2020-12-01
oval:org.opensuse.security:def:35143	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:34912	P	Security update for e2fsprogs (Moderate)	2020-12-01
oval:org.opensuse.security:def:26721	P	java-1_6_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27051	P	vte on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27388	P	dbus-1-glib-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28123	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27564	P	rubygem-sprockets-2_2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27849	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:28194	P	Security update for libcgroup1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28340	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:27838	P	Security update for Mozilla NSS	2020-12-01
oval:org.opensuse.security:def:28042	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:28419	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:28576	P	Security update for libotr	2020-12-01
oval:org.opensuse.security:def:27920	P	Security update for xorg-x11-libXp	2020-12-01
oval:org.opensuse.security:def:28273	P	Security update for mozilla-nspr (Moderate)	2020-12-01
oval:org.opensuse.security:def:28566	P	Security update for Linux kernel	2020-12-01
oval:org.opensuse.security:def:29622	P	Security update for bsdtar (Important)	2020-12-01
oval:org.opensuse.security:def:29971	P	Security update for LibreOffice	2020-12-01
oval:org.opensuse.security:def:30314	P	Security update for tcpdump (Moderate)	2020-12-01
oval:org.opensuse.security:def:31054	P	Security update for the Linux kernel (Important)	2020-12-01
oval:org.opensuse.security:def:30515	P	Security update for ghostscript	2020-12-01
oval:org.opensuse.security:def:30822	P	Security update for cups (Moderate)	2020-12-01
oval:org.opensuse.security:def:33851	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:34250	P	Security update for postgresql10 (Low)	2020-12-01
oval:org.opensuse.security:def:35002	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:35308	P	Security update for lxc (Moderate)	2020-12-01
oval:org.opensuse.security:def:26785	P	mozilla-xulrunner192 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27135	P	gmime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27427	P	kopete-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28158	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27575	P	unixODBC_23-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27906	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:28243	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28978	P	Security update for socat (Moderate)	2020-12-01
oval:org.opensuse.security:def:27839	P	Security update for mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:28126	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:28472	P	Security update for xorg-x11-libs (Moderate)	2020-12-01
oval:org.opensuse.security:def:28620	P	Security update for xorg-x11-libXt	2020-12-01
oval:org.opensuse.security:def:27844	P	Security update for mozilla-nspr, mozilla-nss	2020-12-01
oval:org.opensuse.security:def:28048	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:28425	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:28582	P	Security update for libssh2	2020-12-01
oval:org.opensuse.security:def:29695	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:30353	P	Security update for w3m	2020-12-01
oval:org.opensuse.security:def:30526	P	Security update for jakarta	2020-12-01
oval:org.opensuse.security:def:30879	P	Security update for fetchmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:31968	P	Security update for ipmitool (Important)	2020-12-01
oval:org.opensuse.security:def:34308	P	Security update for quota	2020-12-01
oval:org.opensuse.security:def:34756	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:35161	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:35335	P	Security update for mozilla-nspr (Moderate)	2020-12-01
oval:org.opensuse.security:def:26709	P	gmime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26913	P	guestfs-data on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27286	P	rsyslog on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27441	P	libdrm-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27639	P	Security update for pixman	2020-12-01
oval:org.opensuse.security:def:27990	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:28282	P	Security update for mysql (Important)	2020-12-01
oval:org.opensuse.security:def:29013	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27850	P	Security update for osc (Low)	2020-12-01
oval:org.opensuse.security:def:28183	P	Security update for various KMPs (Moderate)	2020-12-01
oval:org.opensuse.security:def:28521	P	Security update for openvpn-openssl1 (Important)	2020-12-01
oval:org.opensuse.security:def:29258	P	Security update for tomcat6 (Important)	2020-12-01
oval:org.opensuse.security:def:27845	P	Recommended update for openldap2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28132	P	Security update for jasper (Moderate)	2020-12-01
oval:org.opensuse.security:def:28478	P	Security update for zlib (Moderate)	2020-12-01
oval:org.opensuse.security:def:28626	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:29610	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:29827	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:30372	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:30600	P	Security update for PostgreSQL	2020-12-01
oval:org.opensuse.security:def:30966	P	Security update for grub2 (Important)	2020-12-01
oval:org.opensuse.security:def:34357	P	Security update for system-config-printer (Moderate)	2020-12-01
oval:org.opensuse.security:def:35103	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:com.ubuntu.artful:def:20149922000	V	CVE-2014-9922 on Ubuntu 17.10 (artful) - medium.	2017-04-04
oval:com.ubuntu.precise:def:20149922000	V	CVE-2014-9922 on Ubuntu 12.04 LTS (precise) - medium.	2017-04-04
oval:com.ubuntu.xenial:def:201499220000000	V	CVE-2014-9922 on Ubuntu 16.04 LTS (xenial) - medium.	2017-04-04
oval:com.ubuntu.trusty:def:20149922000	V	CVE-2014-9922 on Ubuntu 14.04 LTS (trusty) - medium.	2017-04-04
oval:com.ubuntu.xenial:def:20149922000	V	CVE-2014-9922 on Ubuntu 16.04 LTS (xenial) - medium.	2017-04-04

BACK