UBUNTU-CVE-2015-8374
Advisory lineage Upstream: 1 Downstream: 4
Upstream
Downstream
Published: 28 Dec 2015, 00:00
Last modified:22 Apr 2026, 10:21
Vulnerability Summary
Overall Risk (default)
low
16/100 CVSS Score
4 MEDIUM
3.0 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
28 Dec 2015, 00:00
Published
Vulnerability first disclosed
22 Apr 2026, 10:21
Last Modified
Vulnerability information updated
Description
fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.
CVSS Metrics
- v3.0•MEDIUM•Score: 4CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Systems
- ubuntu•linux
< 3.13.0-77.121
- ubuntu•linux-lts-utopic
< 3.16.0-60.80~14.04.1
- ubuntu•linux-lts-vivid
< 3.19.0-49.55~14.04.1
- ubuntu•linux-lts-wily
< 4.2.0-27.32~14.04.1
References (13)
- https://ubuntu.com/security/CVE-2015-8374
- http://www.openwall.com/lists/oss-security/2015/11/27/2
- https://ubuntu.com/security/notices/USN-2886-1
- https://ubuntu.com/security/notices/USN-2886-2
- https://ubuntu.com/security/notices/USN-2889-2
- https://ubuntu.com/security/notices/USN-2889-1
- https://ubuntu.com/security/notices/USN-2887-1
- https://ubuntu.com/security/notices/USN-2887-2
- https://ubuntu.com/security/notices/USN-2888-1
- https://ubuntu.com/security/notices/USN-2890-1
- https://ubuntu.com/security/notices/USN-2890-2
- https://ubuntu.com/security/notices/USN-2890-3
- https://www.cve.org/CVERecord?id=CVE-2015-8374