Lucene search

[email protected]CVE-2014-8559

HistoryNov 10, 2014 - 11:55 a.m.

CVE-2014-8559

2014-11-1011:55:09

CWE-400

[email protected]

web.nvd.nist.gov

177

cve-2014-8559

linux kernel

denial of service

deadlock

system hang

nvd

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.7%

JSON

The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.

Affected configurations

NVD

Node

linuxlinux_kernelRange≤3.17.2

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch14.10

Node

novellsuse_linux_enterprise_desktopMatch12.0

novellsuse_linux_enterprise_serverMatch12.0

opensuseevergreenMatch11.4

opensuseopensuseMatch13.1

suselinux_enterprise_real_time_extensionMatch11sp3

suselinux_enterprise_software_development_kitMatch12-

suselinux_enterprise_workstation_extensionMatch12

susesuse_linux_enterprise_serverMatch11sp2ltss

Node

oraclelinuxMatch7-

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle3.17.2

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	3.17.2

References

lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html

lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

rhn.redhat.com/errata/RHSA-2015-1976.html

rhn.redhat.com/errata/RHSA-2015-1978.html

secunia.com/advisories/62801

www.debian.org/security/2015/dsa-3170

www.openwall.com/lists/oss-security/2014/10/30/7

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/70854

www.securitytracker.com/id/1034051

www.ubuntu.com/usn/USN-2492-1

www.ubuntu.com/usn/USN-2493-1

www.ubuntu.com/usn/USN-2515-1

www.ubuntu.com/usn/USN-2516-1

www.ubuntu.com/usn/USN-2517-1

www.ubuntu.com/usn/USN-2518-1

bugzilla.redhat.com/show_bug.cgi?id=1159313

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=946e51f2bf37f1656916eb75bd0742ba33983c28

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca5358ef75fc69fee5322a38a340f5739d997c10

lkml.org/lkml/2014/10/25/171

lkml.org/lkml/2014/10/25/179

lkml.org/lkml/2014/10/25/180

lkml.org/lkml/2014/10/26/101

lkml.org/lkml/2014/10/26/116

lkml.org/lkml/2014/10/26/128

lkml.org/lkml/2014/10/26/129

support.f5.com/csp/article/K05211147

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.7%

JSON

Related for CVE-2014-8559

prion1 nvd1 cvelist1 veracode1 nessus25 redhat3 debiancve1 ubuntucve1 openvas47 centos1 oraclelinux1 ubuntu9 fedora21 f51 suse8 securityvulns2 osv1 debian1 ibm1 lenovo1