Vulnerability CVE-2015-8374

Vulnerability Name:

CVE-2015-8374 (CCN-108371)

Assigned:

2015-10-16

Published:

2015-10-16

Updated:

2018-01-05

Summary:

fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.

CVSS v3 Severity:

4.0 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
3.5 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

3.5 Low (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-200

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2015-8374

Source: CONFIRM
Type: Vendor Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0305cd5f7fca85dae392b9ba85b116896eb7c1c7

Source: CCN
Type: RHSA-2016-2574
Important: kernel security, bug fix, and enhancement update

Source: REDHAT
Type: UNKNOWN
RHSA-2016:2574

Source: CCN
Type: RHSA-2016-2584
Important: kernel-rt security, bug fix, and enhancement update

Source: REDHAT
Type: UNKNOWN
RHSA-2016:2584

Source: CCN
Type: oss-sec Mailing List, Fri, 27 Nov 2015 15:54:23 +0100
CVE request: Linux kernel, information disclosure after file truncate on BTRFS

Source: CCN
Type: oss-sec Mailing List, Fri, 27 Nov 2015 14:23:55 -0500 (EST)
Re: CVE request: Linux kernel, information disclosure after file truncate on BTRFS

Source: DEBIAN
Type: UNKNOWN
DSA-3426

Source: CCN
Type: IBM Security Bulletin N1022174 (Server Firmware, HMC and SDMC)
Vulnerabilities in kernel affect Power Hardware Management Console

Source: CCN
Type: IBM Security Bulletin S1012277 (Storwize V7000 (2076))
Multiple vulnerabilities in Linux Kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Source: CCN
Type: IBM Security Bulletin 2004744 (QRadar Network Security)
IBM QRadar Network Security is affected by multiple vulnerabilities in Linux Kernel

Source: CCN
Type: IBM Security Bulletin 2010338 (Security Access Manager)
IBM Security Access Manager version 9.0.3.0 appliances are affected by multiple kernel vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3

Source: MLIST
Type: UNKNOWN
[oss-security] 20151127 CVE request: Linux kernel, information disclosure after file truncate on BTRFS

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

Source: BID
Type: UNKNOWN
78219

Source: CCN
Type: BID-78219
Linux Kernel 'btrfs/inode.c' Information Disclosure Vulnerability

Source: SECTRACK
Type: UNKNOWN
1034895

Source: UBUNTU
Type: UNKNOWN
USN-2886-1

Source: UBUNTU
Type: UNKNOWN
USN-2887-1

Source: UBUNTU
Type: UNKNOWN
USN-2887-2

Source: UBUNTU
Type: UNKNOWN
USN-2888-1

Source: UBUNTU
Type: UNKNOWN
USN-2889-1

Source: UBUNTU
Type: UNKNOWN
USN-2889-2

Source: UBUNTU
Type: UNKNOWN
USN-2890-1

Source: UBUNTU
Type: UNKNOWN
USN-2890-2

Source: UBUNTU
Type: UNKNOWN
USN-2890-3

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=1286261

Source: XF
Type: UNKNOWN
linux-kernel-cve20158374-info-disc(108371)

Source: CCN
Type: Linux Kernel GIT Repository
Btrfs: fix truncation of compressed and inlined extents

Source: CONFIRM
Type: UNKNOWN
https://github.com/torvalds/linux/commit/0305cd5f7fca85dae392b9ba85b116896eb7c1c7

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-8374

Vulnerable Configuration:

Configuration 1:

cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 4.3.2)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:rhel_extras_rt:7:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

AND

cpe:/a:ibm:storwize_v7000_software:6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:6.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:6.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:6.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.8.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_network_security:5.4:*:*:*:*:*:*:*

OR cpe:/o:ibm:security_access_manager_firmware:9.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:8.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:8.1.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.redhat.rhsa:def:20162574	P	RHSA-2016:2574: kernel security, bug fix, and enhancement update (Important)	2016-11-03
oval:com.redhat.rhsa:def:20162584	P	RHSA-2016:2584: kernel-rt security, bug fix, and enhancement update (Important)	2016-11-03
oval:org.cisecurity:def:338	P	DSA-3426-1 -- linux -- security update	2016-02-26
oval:com.ubuntu.xenial:def:20158374000	V	CVE-2015-8374 on Ubuntu 16.04 LTS (xenial) - low.	2015-12-28
oval:com.ubuntu.precise:def:20158374000	V	CVE-2015-8374 on Ubuntu 12.04 LTS (precise) - low.	2015-12-28
oval:com.ubuntu.xenial:def:201583740000000	V	CVE-2015-8374 on Ubuntu 16.04 LTS (xenial) - low.	2015-12-28
oval:com.ubuntu.trusty:def:20158374000	V	CVE-2015-8374 on Ubuntu 14.04 LTS (trusty) - low.	2015-12-28

BACK