UBUNTU-CVE-2015-8839

Description

Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.

CVSS Metrics

• v3.1•MEDIUM•Score: 5.1CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
• v3.0•MEDIUM•Score: 5.1CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Systems

• ubuntu•linux

  all | < 4.4.0-24.43

• ubuntu•linux-azure-6.11

  all

• ubuntu•linux-azure-fde

  all

• ubuntu•linux-azure-fde-5.15

  all

• ubuntu•linux-gcp-6.11

  all

• ubuntu•linux-gke

  all

• ubuntu•linux-gkeop

  all

• ubuntu•linux-gkeop-5.15

  all

• ubuntu•linux-hwe-6.11

  all

• ubuntu•linux-intel-iot-realtime

  all

• ubuntu•linux-lowlatency-hwe-6.11

  all

• ubuntu•linux-lts-xenial

  < 4.4.0-24.43~14.04.1

• ubuntu•linux-raspi-realtime

  all

• ubuntu•linux-raspi2

  < 4.4.0-1012.16 | all

• ubuntu•linux-realtime

  all

• ubuntu•linux-riscv

  all | all

• ubuntu•linux-snapdragon

  < 4.4.0-1015.18

References (12)

• https://ubuntu.com/security/CVE-2015-8839
• https://git.kernel.org/linus/ea3d7209ca01da209cda6f0dea8be9cc4b7a933b
• https://git.kernel.org/linus/17048e8a083fec7ad841d88ef0812707fbc7e39f
• https://git.kernel.org/linus/32ebffd3bbb4162da5ff88f9a35dd32d0a28ea70
• https://git.kernel.org/linus/011278485ecc3cd2a3954b5d4c73101d919bf1fa
• https://bugzilla.suse.com/show_bug.cgi?id=972174
• http://seclists.org/oss-sec/2016/q2/1
• http://seclists.org/oss-sec/2016/q2/6
• https://ubuntu.com/security/notices/USN-3005-1
• https://ubuntu.com/security/notices/USN-3006-1
• https://ubuntu.com/security/notices/USN-3007-1
• https://www.cve.org/CVERecord?id=CVE-2015-8839