CVE-2014-8086
Advisory lineage Upstream: 0 Downstream: 7
Modified
Published: 13 Oct 2014, 10:00
Last modified:06 Aug 2024, 13:10
Vulnerability Summary
Overall Risk (default)
medium
29/100 CVSS Score
4.7 MEDIUM
v3.1 (nvd)
EPSS Score
0.04% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
3 found
Dark Web
Not detected
Timeline
13 Oct 2014, 10:00
Published
Vulnerability first disclosed
06 Aug 2024, 13:10
Last Modified
Vulnerability information updated
Description
Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag.
CVSS Metrics
- v3.1•MEDIUM•Score: 4.7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
- v2.0•MEDIUM•Score: 4.7AV:L/AC:M/Au:N/C:N/I:N/A:C
EPSS Trends
Current EPSS score: 0.04%• Percentile: 11%
Techniques & Countermeasures
- CWE-362•Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Affected Systems
- linux•linux_kernel
≤ 3.17
- suse•suse_linux_enterprise_server
11:sp2
References (11)
- https://lkml.org/lkml/2014/10/8/545
- http://www.securityfocus.com/bid/70376
- http://www.spinics.net/lists/linux-ext4/msg45685.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1151353
- http://www.spinics.net/lists/linux-ext4/msg45683.html
- http://rhn.redhat.com/errata/RHSA-2015-0694.html
- http://rhn.redhat.com/errata/RHSA-2015-0290.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96922
- https://lkml.org/lkml/2014/10/9/129
- http://www.openwall.com/lists/oss-security/2014/10/09/25