{
  "threat_severity" : "Moderate",
  "public_date" : "2014-07-20T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: vfs: refcount issues during unmount on symlink",
    "id" : "1122472",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1122472"
  },
  "cvss" : {
    "cvss_base_score" : "6.2",
    "cvss_scoring_vector" : "AV:L/AC:H/Au:N/C:C/I:C/A:C",
    "status" : "verified"
  },
  "details" : [ "The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.", "A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation." ],
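  "statement" : "This issue does not affect Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2. Future Linux kernel updates for Red Hat Enterprise Linux 6 and 7 may address this issue. Note: this statement appears to predate the advisories listed under affected_release in this record, which give fixed kernel packages for Red Hat Enterprise Linux 6 (RHSA-2014:1392), Red Hat Enterprise Linux 6.5 Extended Update Support (RHSA-2015:0062) and Red Hat Enterprise Linux 7 (RHSA-2014:1971).",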
  "acknowledgement" : "Red Hat would like to thank Vasily Averin (Parallels) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2014-10-13T00:00:00Z",
    "advisory" : "RHSA-2014:1392",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-504.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.5 Extended Update Support",
    "release_date" : "2015-01-20T00:00:00Z",
    "advisory" : "RHSA-2015:0062",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.5",
    "package" : "kernel-0:2.6.32-431.46.2.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2014-12-09T00:00:00Z",
    "advisory" : "RHSA-2014:1971",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-123.13.1.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-5045\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5045" ],
  "name" : "CVE-2014-5045",
  "csaw" : false
}