Vulnerability Name:

CVE-2014-9922 (CCN-131451)

Assigned:2017-03-01
Published:2017-03-01
Updated:2017-07-11
Summary:The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2014-9922

Source: CONFIRM
Type: Issue Tracking, Patch, Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=69c433ed2ecd2d3264efd7afec4439524b319121

Source: CONFIRM
Type: Patch, Third Party Advisory
http://source.android.com/security/bulletin/2017-04-01.html

Source: BID
Type: Third Party Advisory, VDB Entry
97354

Source: CCN
Type: BID-97354
Linux Kernel CVE-2014-9922 Multiple Local Privilege Escalation Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1038201

Source: XF
Type: UNKNOWN
linux-kernel-cve20149922-priv-esc(131451)

Source: CONFIRM
Type: Issue Tracking, Patch, Third Party Advisory
https://github.com/torvalds/linux/commit/69c433ed2ecd2d3264efd7afec4439524b319121

Source: CCN
Type: Android Open Source Project
Android Security Bulletin—April 2017

Source: CCN
Type: Linux Kernel Web site
The Linux Kernel Archives

Vulnerable Configuration:Configuration 1:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 3.17.8)

  • Configuration 2:
  • cpe:/o:google:android:*:*:*:*:*:*:*:* (Version <= 7.1.1)

  • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:3.17:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20149922
    V
    CVE-2014-9922
    2023-02-11
    oval:org.opensuse.security:def:34620
    P
    Security update for kernel-firmware (Low)
    2021-12-30
    oval:org.opensuse.security:def:31330
    P
    Security update for xorg-x11-server (Important)
    2021-12-14
    oval:org.opensuse.security:def:34004
    P
    Security update for ruby2.1 (Important)
    2021-12-01
    oval:org.opensuse.security:def:30265
    P
    Security update for pcre (Moderate)
    2021-11-10
    oval:org.opensuse.security:def:31286
    P
    Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)
    2021-10-18
    oval:org.opensuse.security:def:35269
    P
    Security update for python-reportlab (Moderate)
    2021-09-23
    oval:org.opensuse.security:def:33715
    P
    Security update for mariadb (Moderate)
    2021-09-09
    oval:org.opensuse.security:def:34536
    P
    Security update for mariadb (Moderate)
    2021-09-09
    oval:org.opensuse.security:def:31265
    P
    Security update for xen (Important)
    2021-09-06
    oval:org.opensuse.security:def:34525
    P
    Security update for gstreamer-plugins-good (Moderate)
    2021-09-02
    oval:org.opensuse.security:def:34524
    P
    Security update for openexr (Important)
    2021-09-02
    oval:org.opensuse.security:def:31226
    P
    Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)
    2021-07-21
    oval:org.opensuse.security:def:33947
    P
    Security update for curl (Moderate)
    2021-07-21
    oval:org.opensuse.security:def:30210
    P
    Security update for ucode-intel (Important)
    2021-06-10
    oval:org.opensuse.security:def:34421
    P
    Security update for java-1_7_0-openjdk (Moderate)
    2021-04-29
    oval:org.opensuse.security:def:33632
    P
    Security update for glibc (Important)
    2021-04-13
    oval:org.opensuse.security:def:30057
    P
    Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)
    2021-04-12
    oval:org.opensuse.security:def:34465
    P
    Security update for mutt (Moderate)
    2021-01-22
    oval:org.opensuse.security:def:31177
    P
    Security update for dnsmasq (Important)
    2021-01-19
    oval:org.opensuse.security:def:33621
    P
    Security update for openssl-1_0_0 (Important)
    2020-12-09
    oval:org.opensuse.security:def:33620
    P
    Security update for xen (Important)
    2020-12-07
    oval:org.opensuse.security:def:31091
    P
    Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)
    2020-12-07
    oval:org.opensuse.security:def:32006
    P
    Security update for mutt (Important)
    2020-12-07
    oval:org.opensuse.security:def:29300
    P
    Security update for python-cryptography (Moderate)
    2020-12-04
    oval:org.opensuse.security:def:36017
    P
    perl-spamassassin-3.3.1-10.8.3 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:36058
    P
    xdg-utils-1.0.2-36.18 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:34855
    P
    Security update for cairo (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35220
    P
    Security update for libksba (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35379
    P
    Security update for ntp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26710
    P
    gnome-screensaver on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26994
    P
    nagios on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27339
    P
    xterm on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27485
    P
    libsnmp15-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27563
    P
    rubygem-rdoc on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27767
    P
    Security update for IBM Java
    2020-12-01
    oval:org.opensuse.security:def:28141
    P
    Security update for java-1_7_1-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:28296
    P
    Security update for ncurses (Important)
    2020-12-01
    oval:org.opensuse.security:def:27914
    P
    Security update for xfsprogs (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28267
    P
    Security update for mercurial (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28560
    P
    Security update for hplip
    2020-12-01
    oval:org.opensuse.security:def:29294
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:27856
    P
    Security update for postgresql94 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28189
    P
    Security update for krb5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28527
    P
    Security update for wget (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29264
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:29611
    P
    Security update for bind (Important)
    2020-12-01
    oval:org.opensuse.security:def:29914
    P
    Security update for libcdio (Low)
    2020-12-01
    oval:org.opensuse.security:def:30416
    P
    Security update for xorg-x11-libXext
    2020-12-01
    oval:org.opensuse.security:def:30514
    P
    Security update for freetype2
    2020-12-01
    oval:org.opensuse.security:def:30732
    P
    Security update for OpenEXR (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31121
    P
    Security update for krb5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34093
    P
    Security update for microcode_ctl (Important)
    2020-12-01
    oval:org.opensuse.security:def:34396
    P
    Security update for unzip (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35143
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:34912
    P
    Security update for e2fsprogs (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26721
    P
    java-1_6_0-ibm on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27051
    P
    vte on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27388
    P
    dbus-1-glib-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28123
    P
    Security update for gtk2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27564
    P
    rubygem-sprockets-2_2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27849
    P
    Security update for openssl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28194
    P
    Security update for libcgroup1 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28340
    P
    Security update for php53 (Important)
    2020-12-01
    oval:org.opensuse.security:def:27838
    P
    Security update for Mozilla NSS
    2020-12-01
    oval:org.opensuse.security:def:28042
    P
    Security update for curl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28419
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28576
    P
    Security update for libotr
    2020-12-01
    oval:org.opensuse.security:def:27920
    P
    Security update for xorg-x11-libXp
    2020-12-01
    oval:org.opensuse.security:def:28273
    P
    Security update for mozilla-nspr (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28566
    P
    Security update for Linux kernel
    2020-12-01
    oval:org.opensuse.security:def:29622
    P
    Security update for bsdtar (Important)
    2020-12-01
    oval:org.opensuse.security:def:29971
    P
    Security update for LibreOffice
    2020-12-01
    oval:org.opensuse.security:def:30314
    P
    Security update for tcpdump (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31054
    P
    Security update for the Linux kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:30515
    P
    Security update for ghostscript
    2020-12-01
    oval:org.opensuse.security:def:30822
    P
    Security update for cups (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33851
    P
    Security update for icu (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34250
    P
    Security update for postgresql10 (Low)
    2020-12-01
    oval:org.opensuse.security:def:35002
    P
    Security update for glibc (Important)
    2020-12-01
    oval:org.opensuse.security:def:35308
    P
    Security update for lxc (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26785
    P
    mozilla-xulrunner192 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27135
    P
    gmime on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27427
    P
    kopete-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28158
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:27575
    P
    unixODBC_23-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27906
    P
    Security update for Xen
    2020-12-01
    oval:org.opensuse.security:def:28243
    P
    Security update for libxml2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28978
    P
    Security update for socat (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27839
    P
    Security update for mysql (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28126
    P
    Security update for icu (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28472
    P
    Security update for xorg-x11-libs (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28620
    P
    Security update for xorg-x11-libXt
    2020-12-01
    oval:org.opensuse.security:def:27844
    P
    Security update for mozilla-nspr, mozilla-nss
    2020-12-01
    oval:org.opensuse.security:def:28048
    P
    Security update for curl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28425
    P
    Security update for wireshark (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28582
    P
    Security update for libssh2
    2020-12-01
    oval:org.opensuse.security:def:29695
    P
    Security update for expat (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30353
    P
    Security update for w3m
    2020-12-01
    oval:org.opensuse.security:def:30526
    P
    Security update for jakarta
    2020-12-01
    oval:org.opensuse.security:def:30879
    P
    Security update for fetchmail (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31968
    P
    Security update for ipmitool (Important)
    2020-12-01
    oval:org.opensuse.security:def:34308
    P
    Security update for quota
    2020-12-01
    oval:org.opensuse.security:def:34756
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:35161
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:35335
    P
    Security update for mozilla-nspr (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26709
    P
    gmime on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26913
    P
    guestfs-data on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27286
    P
    rsyslog on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27441
    P
    libdrm-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27639
    P
    Security update for pixman
    2020-12-01
    oval:org.opensuse.security:def:27990
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:28282
    P
    Security update for mysql (Important)
    2020-12-01
    oval:org.opensuse.security:def:29013
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:27850
    P
    Security update for osc (Low)
    2020-12-01
    oval:org.opensuse.security:def:28183
    P
    Security update for various KMPs (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28521
    P
    Security update for openvpn-openssl1 (Important)
    2020-12-01
    oval:org.opensuse.security:def:29258
    P
    Security update for tomcat6 (Important)
    2020-12-01
    oval:org.opensuse.security:def:27845
    P
    Recommended update for openldap2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28132
    P
    Security update for jasper (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28478
    P
    Security update for zlib (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28626
    P
    Security update for Mozilla Firefox
    2020-12-01
    oval:org.opensuse.security:def:29610
    P
    Security update for bind (Important)
    2020-12-01
    oval:org.opensuse.security:def:29827
    P
    Security update for java-1_6_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:30372
    P
    Security update for wireshark (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30600
    P
    Security update for PostgreSQL
    2020-12-01
    oval:org.opensuse.security:def:30966
    P
    Security update for grub2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:34357
    P
    Security update for system-config-printer (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35103
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:com.ubuntu.artful:def:20149922000
    V
    CVE-2014-9922 on Ubuntu 17.10 (artful) - medium.
    2017-04-04
    oval:com.ubuntu.precise:def:20149922000
    V
    CVE-2014-9922 on Ubuntu 12.04 LTS (precise) - medium.
    2017-04-04
    oval:com.ubuntu.xenial:def:201499220000000
    V
    CVE-2014-9922 on Ubuntu 16.04 LTS (xenial) - medium.
    2017-04-04
    oval:com.ubuntu.trusty:def:20149922000
    V
    CVE-2014-9922 on Ubuntu 14.04 LTS (trusty) - medium.
    2017-04-04
    oval:com.ubuntu.xenial:def:20149922000
    V
    CVE-2014-9922 on Ubuntu 16.04 LTS (xenial) - medium.
    2017-04-04
    BACK
    linux linux kernel *
    google android *
    linux linux kernel 3.17