CVE-2014-8086

Опубликовано: 09 окт. 2014

Источник: redhat

CVSS2: 4.7

EPSS Низкий

Описание

Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag.

A race condition flaw was found in the Linux kernel's ext4 file system implementation that allowed a local, unprivileged user to crash the system by simultaneously writing to a file and toggling the O_DIRECT flag using fcntl(F_SETFL) on that file.

Отчет

This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. This issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2015:0290	05.03.2015
Red Hat Enterprise MRG 2	kernel-rt	Fixed	RHSA-2015:0694	17.03.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1151353Kernel: fs: ext4 race condition

EPSS

Процентиль: 9%

0.00036

Низкий

4.7 Medium

CVSS2

Связанные уязвимости

CVE-2014-8086

CVSS3: 4.7

ubuntu

больше 10 лет назад

CVE-2014-8086

CVSS3: 4.7

nvd

больше 10 лет назад

CVE-2014-8086

CVSS3: 4.7

debian

больше 10 лет назад

Race condition in the ext4_file_write_iter function in fs/ext4/file.c ...

GHSA-9jxp-4r84-xf98

CVSS3: 4.7

github

около 3 лет назад

ELSA-2015-0290

oracle-oval

больше 10 лет назад

ELSA-2015-0290: kernel security, bug fix, and enhancement update (IMPORTANT)

EPSS

Процентиль: 9%

0.00036

Низкий

4.7 Medium

CVSS2