Vulnerability Name: | CVE-2015-8839 (CCN-114520) | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Assigned: | 2015-12-07 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Published: | 2015-12-07 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Updated: | 2020-10-02 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Summary: | Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling. | ||||||||||||||||||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 5.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) 4.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-362 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2015-8839 Source: CCN Type: Linux Kernel GIT Repository ext4: fix races between page faults and hole punching Source: CONFIRM Type: Vendor Advisory http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea3d7209ca01da209cda6f0dea8be9cc4b7a933b Source: CCN Type: IBM Security Bulletin T1026731 (PowerKVM) Vulnerabilities in the Linux kernel affect PowerKVM Source: CCN Type: IBM Security Bulletin 2011746 (QRadar Network Security) IBM QRadar Network Security is affected by vulnerabilities in Linux kernel Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20160401 Re: ext4 data corruption due to punch hole races Source: BID Type: Third Party Advisory, VDB Entry 85798 Source: CCN Type: BID-85798 Linux Kernel CVE-2015-8839 Local Security Bypass Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1035455 Source: UBUNTU Type: Third Party Advisory USN-3005-1 Source: UBUNTU Type: Third Party Advisory USN-3006-1 Source: UBUNTU Type: Third Party Advisory USN-3007-1 Source: REDHAT Type: Third Party Advisory RHSA-2017:1842 Source: REDHAT Type: Third Party Advisory RHSA-2017:2077 Source: REDHAT Type: Third Party Advisory RHSA-2017:2669 Source: CCN Type: Red Hat Bugzilla Bug 1323577 (CVE-2015-8839) CVE-2015-8839 kernel: ext4 filesystem page fault race condition with fallocate call Source: CONFIRM Type: Issue Tracking, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1323577 Source: XF Type: UNKNOWN linux-kernel-cve20158839-dos(114520) Source: CONFIRM Type: Third Party Advisory https://github.com/torvalds/linux/commit/ea3d7209ca01da209cda6f0dea8be9cc4b7a933b Source: MLIST Type: Third Party Advisory [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update Source: MLIST Type: Third Party Advisory [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration RedHat 6: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||
BACK |