Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-8171

Опубликовано: 21 апр. 2015
Источник: redhat
CVSS2: 5.7
EPSS Низкий

Описание

The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.

It was found that the Linux kernel memory resource controller's (memcg) handling of OOM (out of memory) conditions could lead to deadlocks. An attacker able to continuously spawn new processes within a single memory-constrained cgroup during an OOM event could use this flaw to lock up the system.

Отчет

This issue does not affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 5. This issue does affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future updates may address this issue in the respective releases.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelFixedRHSA-2015:086421.04.2015
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2015:241119.11.2015
Red Hat Enterprise Linux 7kernelFixedRHSA-2015:215219.11.2015
Red Hat Enterprise MRG 2kernel-rtFixedRHSA-2016:006826.01.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-833
https://bugzilla.redhat.com/show_bug.cgi?id=1198109kernel: memcg: OOM handling DoS

EPSS

Процентиль: 15%
0.00049
Низкий

5.7 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-8171

CVSS3: 5.5
ubuntu
больше 7 лет назад

The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.

nvd логотип

CVE-2014-8171

CVSS3: 5.5
nvd
больше 7 лет назад

The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.

debian логотип

CVE-2014-8171

CVSS3: 5.5
debian
больше 7 лет назад

The memory resource controller (aka memcg) in the Linux kernel allows ...

github логотип

GHSA-fj89-88c3-v65v

CVSS3: 5.5
github
около 3 лет назад

The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.

oracle-oval логотип

ELSA-2015-3032

oracle-oval
около 10 лет назад

ELSA-2015-3032: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 15%
0.00049
Низкий

5.7 Medium

CVSS2