CVE-2015-8952

Опубликовано: 22 авг. 2016

Источник: redhat

CVSS3: 5.5

CVSS2: 4.9

EPSS Низкий

Описание

The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba.

A design flaw was found in the file extended attribute handling of the Linux kernel's handling of cached attributes. Too many entries in the cache cause a soft lockup while attempting to iterate the cache and access relevant locks.

Отчет

This issue does not affect any shiping version of Red Hat Enterprise Linux.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Will not fix
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-667

https://bugzilla.redhat.com/show_bug.cgi?id=1360968kernel: mbcache code subject to softlockup DOS in cache management

EPSS

Процентиль: 24%

0.00077

Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Связанные уязвимости

CVE-2015-8952

CVSS3: 5.5

ubuntu

больше 8 лет назад

CVE-2015-8952

CVSS3: 5.5

nvd

больше 8 лет назад

CVE-2015-8952

CVSS3: 5.5

debian

больше 8 лет назад

The mbcache feature in the ext2 and ext4 filesystem implementations in ...

GHSA-r248-wpg2-5hw4

CVSS3: 5.5

github

около 3 лет назад

ELSA-2017-3533

oracle-oval

около 8 лет назад

ELSA-2017-3533: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 24%

0.00077

Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2