Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-7822

Опубликовано: 28 янв. 2015
Источник: redhat
CVSS2: 4.9

Описание

The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.

A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system.

Отчет

This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this flaw.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1163792kernel: splice: lack of generic write checks

4.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-7822

ubuntu
почти 11 лет назад

The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.

nvd логотип

CVE-2014-7822

nvd
почти 11 лет назад

The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.

debian логотип

CVE-2014-7822

debian
почти 11 лет назад

The implementation of certain splice_write file operations in the Linu ...

github логотип

GHSA-wjhv-8fw8-jxw2

github
больше 3 лет назад

The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.

oracle-oval логотип

ELSA-2015-0164

oracle-oval
почти 11 лет назад

ELSA-2015-0164: kernel security and bug fix update (MODERATE)

4.9 Medium

CVSS2