DEBIAN-CVE-2014-8989

DEBIAN-CVE-2014-8989 PUBLISHED

The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a "negative groups" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c.

Affected Products

Vendor	Product	Versions
Debian:13	linux	0, 0, 0
Debian:14	linux	0, 0, 0
Debian:12	linux	0, 0, 0
Debian:11	linux	0, 0, 0

Timeline

Nov 30, 2014 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2014-8989 advisory

Open in Interactive Console →