CVE-2014-9710

The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339	Broken Link Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/03/24/11	Mailing List
http://www.securitytracker.com/id/1032418	Broken Link Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1205079	Issue Tracking Third Party Advisory
https://github.com/torvalds/linux/commit/5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2015-05-27 10:59

Updated : 2024-07-17 15:28

NVD link : CVE-2014-9710

Mitre link : CVE-2014-9710

CVE.ORG link : CVE-2014-9710

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

{"id": "CVE-2014-9710", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-05-27T10:59:00.063", "references": [{"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339", "tags": ["Broken Link", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2015/03/24/11", "tags": ["Mailing List"], "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id/1032418", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205079", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/torvalds/linux/commit/5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339", "tags": ["Patch"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit."}, {"lang": "es", "value": "La implementaci\u00f3n Btrfs en el kernel de Linux anterior a 3.19 no asegura que el estado xattr visible sea consistente con un remplazo solicitado, lo que permite a usuarios locales evadir las configuraciones ACL y ganar privilegios a trav\u00e9s de las operaciones del sistema de ficheros est\u00e1ndares (1) durante una ventana de tiempo de remplazo de xattr, relacionado con una condici\u00f3n de carrera o (2) despu\u00e9s de intento de remplazo de xattr que falla porque la fecha no encaja."}], "lastModified": "2024-07-17T15:28:07.730", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "910903E7-E12A-4D48-89F9-C4161D715C9E", "versionEndExcluding": "3.10.83"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3098ADB-0836-42D0-8E95-339E1EF3D9F9", "versionEndExcluding": "3.12.45", "versionStartIncluding": "3.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4424F17D-6AD4-4FE9-A029-143963887D1A", "versionEndExcluding": "3.14.47", "versionStartIncluding": "3.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DC4BA70-B111-4D2E-BC78-6601CED68F08", "versionEndExcluding": "3.16.35", "versionStartIncluding": "3.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "464FCF6E-7FDF-42F9-ABB8-EA4ADD37CD1E", "versionEndExcluding": "3.18.19", "versionStartIncluding": "3.17"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

6.9 /10