CVE-2014-8172
Advisory lineage Upstream: 0 Downstream: 4
Modified
Published: 16 Mar 2015, 10:00
Last modified:06 Aug 2024, 13:10
Vulnerability Summary
Overall Risk (default)
low
20/100 CVSS Score
4.9 MEDIUM
v2.0 (nvd)
EPSS Score
0.04% LOW
0% probability -0.05%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
16 Mar 2015, 10:00
Published
Vulnerability first disclosed
06 Aug 2024, 13:10
Last Modified
Vulnerability information updated
Description
The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations.
CVSS Metrics
- v2.0•MEDIUM•Score: 4.9AV:L/AC:L/Au:N/C:N/I:N/A:C
EPSS Trends
Current EPSS score: 0.04%• Percentile: 14%
Techniques & Countermeasures
- CWE-17•DEPRECATED: Code
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Affected Systems
- linux•linux_kernel
≤ 3.12.17
References (6)
- http://www.openwall.com/lists/oss-security/2015/03/09/3
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eee5cc2702929fd41cce28058dc6d6717f723f87
- http://rhn.redhat.com/errata/RHSA-2015-0694.html
- http://rhn.redhat.com/errata/RHSA-2015-0290.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1198503
- https://github.com/torvalds/linux/commit/eee5cc2702929fd41cce28058dc6d6717f723f87