CVE-2015-8839

Published: 31 Mar 2016
Source: redhat
CVSS2: 4.7

Description

Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.

A flaw was found in the Linux kernel when attempting to "punch a hole" in files existing on an ext4 filesystem. When punching holes into a file races with the page fault of the same area, it is possible that freed blocks remain referenced from page cache pages mapped to process' address space.

Statement

This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7 and MRG-2 kernels.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | kernel | Not affected | | |
| Red Hat Enterprise Linux 5 | kernel | Not affected | | |
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2017:2077 | 01.08.2017 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2017:1842 | 01.08.2017 |
| Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2017:2669 | 06.09.2017 |


Additional information

Status: Moderate
Defect: CWE-362
https://bugzilla.redhat.com/show_bug.cgi?id=1323577 (kernel: ext4 filesystem page fault race condition with fallocate call.)

4.7 Medium

CVSS2

Related vulnerabilities

CVSS3: 5.1
ubuntu
about 9 years ago

Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.

CVSS3: 5.1
nvd
about 9 years ago

Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.

CVSS3: 5.1
debian
about 9 years ago

Multiple race conditions in the ext4 filesystem implementation in the ...

CVSS3: 5.1
github
about 3 years ago

Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.

oracle-oval
almost 8 years ago

ELSA-2017-1842: kernel security, bug fix, and enhancement update (IMPORTANT)
