exploitDog

CVE-2015-7509

Published: 24 Nov 2015
Source: redhat
CVSS2: 6
EPSS: Low

Description

fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015.

A flaw was found in the way the Linux kernel's ext4 file system driver handled non-journal file systems with an orphan list. An attacker with physical access to the system could use this flaw to crash the system or, although unlikely, escalate their privileges on the system.

Report

This problem did not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. This issue is not planned to be corrected in future updates for Red Hat Enterprise Linux 5. This issue is rated low as exploiting it requires physical (to plug in a specially prepared USB disk) or root (to mount a specially prepared filesystem) access to the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Will not fix | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise MRG 2 | realtime-kernel | Not affected | | |
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2016:0855 | 10.05.2016 |

Additional information

Status: Low
Weakness: CWE-250
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1259222 (kernel: Mounting ext2 fs e2fsprogs/tests/f_orphan as ext4 crashes system)

EPSS

Percentile: 26%
0.00084
Low

CVSS2: 6 (Medium)

Related vulnerabilities

CVSS3: 4.4
ubuntu
more than 9 years ago

fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015.

CVSS3: 4.4
nvd
more than 9 years ago

fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015.

CVSS3: 4.4
debian
more than 9 years ago

fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proxi ...

CVSS3: 4.4
github
about 3 years ago

fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015.

oracle-oval
about 9 years ago

ELSA-2016-3566: Unbreakable Enterprise kernel security update (IMPORTANT)
