1. Home
  2. Vulnerabilities
  3. CVE-2014-5045

CVE-2014-5045

CVSS v2.0 6.2 (Medium)
62% Progress
EPSS 0.04 % (5th)
0.04% Progress
Affected Products 4
Advisories 28
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.

Weaknesses
CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2014-08-01 11:13:09
(10 years ago)
Updated Date
2023-11-07 02:20:42
(10 months ago)

Affected Products

Linux

Redhat

Configuration #1

    CPE23 From Up To
  Linux Kernel prior 3.15.8 version cpe:2.3:o:linux:linux_kernel < 3.15.8

Configuration #2

    CPE23 From Up To
  Redhat Enterprise Linux Eus 6.5 cpe:2.3:o:redhat:enterprise_linux_eus:6.5
  Redhat Enterprise Linux Server Aus 6.5 cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5
  Redhat Enterprise Linux Server Tus 6.5 cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5