CVE-2014-9922

Name: CVE-2014-9922
Creator: NVD / NIST
Published: 2017-04-04T05:59:00.203+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.26%

Last modified Jun 17, 2026

CVE-2014-9922 is a vulnerability of currently unknown severity. The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.. EPSS estimates a 1.26% chance of exploitation in the next 30 days.

Description

The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.

Metrics

EPSS Probability

1.26%

65.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions
Linux	Linux Kernel	<= 3.17.8
Google	Android	<= 7.1.1

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=69c433ed2ecd2d3264efd7afec4439524b319121Issue Tracking, Patch, Third Party Advisory
http://source.android.com/security/bulletin/2017-04-01.htmlPatch, Third Party Advisory
http://www.securityfocus.com/bid/97354Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1038201
https://github.com/torvalds/linux/commit/69c433ed2ecd2d3264efd7afec4439524b319121Issue Tracking, Patch, Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=69c433ed2ecd2d3264efd7afec4439524b319121Issue Tracking, Patch, Third Party Advisory
http://source.android.com/security/bulletin/2017-04-01.htmlPatch, Third Party Advisory
http://www.securityfocus.com/bid/97354Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1038201
https://github.com/torvalds/linux/commit/69c433ed2ecd2d3264efd7afec4439524b319121Issue Tracking, Patch, Third Party Advisory

Timeline

Published: Apr 4, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-9922?

How severe is CVE-2014-9922?

Severity scoring for CVE-2014-9922 is pending analysis. The EPSS model estimates a 1.26% probability of exploitation in the next 30 days.

How do I fix CVE-2014-9922?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-9922?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST