Your submission was sent successfully! Close

CVE-2014-9645

Published: 12 March 2017

The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
busybox
Launchpad, Ubuntu, Debian
Upstream
Released (1:1.22.0-15)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(1:1.22.0-15ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(1:1.22.0-15ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1:1.22.0-15ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(1:1.22.0-15ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1:1.21.0-1ubuntu1.4)
Patches:
Upstream: http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b