Vulnerability Name: | CVE-2014-8172 (CCN-101485) | ||||||||||||||||||||||||
Assigned: | 2013-11-09 | ||||||||||||||||||||||||
Published: | 2013-11-09 | ||||||||||||||||||||||||
Updated: | 2015-03-24 | ||||||||||||||||||||||||
Summary: | The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations. | ||||||||||||||||||||||||
CVSS v3 Severity: | 6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
| ||||||||||||||||||||||||
CVSS v2 Severity: | 4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C) 3.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
3.7 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||
Vulnerability Type: | CWE-17 | ||||||||||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2014-8172 Source: CONFIRM Type: UNKNOWN http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=eee5cc2702929fd41cce28058dc6d6717f723f87 Source: CCN Type: Linux Kernel GIT Repository get rid of s_files and files_lock Source: REDHAT Type: UNKNOWN RHSA-2015:0290 Source: CCN Type: RHSA-2015-0694 Important: kernel-rt security, bug fix, and enhancement update Source: REDHAT Type: UNKNOWN RHSA-2015:0694 Source: CCN Type: oss-security Mailing List, Mon, 09 Mar 2015 16:24:56 +0000 CVE-2014-8172 Source: CCN Type: IBM Security Bulletin T1022146 Multiple Kernel vulnerabilities affect PowerKVM (Multiple CVEs) Source: MLIST Type: UNKNOWN [oss-security] 20150309 CVE-2014-8172 Source: CCN Type: BID-72994 Linux Kernel 'fs/file_table.c' Local Denial of Service Vulnerability Source: CCN Type: Red Hat Bugzilla Bug 1198503 (CVE-2014-8172) CVE-2014-8172 kernel: soft lockup on aio Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=1198503 Source: XF Type: UNKNOWN linux-kernel-cve20148172-dos(101485) Source: CONFIRM Type: UNKNOWN https://github.com/torvalds/linux/commit/eee5cc2702929fd41cce28058dc6d6717f723f87 Source: CCN Type: WhiteSource Vulnerability Database CVE-2014-8172 | ||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
BACK |