CVE-2015-8839

Published May 2, 2016

Last updated 4 years ago

CVSS medium 5.1

Overview

Description: Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.1
Impact score: 3.6
Exploitability score: 1.4
Vector string: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 1.9
Impact score: 2.9
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-362

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2207A54-26BD-4745-8C85-232815AB8788",
            "versionEndIncluding": "4.4.221"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:4.5:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5011ED56-97F0-4754-9C98-B28B806DF6DD"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:4.5:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7FC0A28-90D9-4DF3-8A2A-49C3D4CB470A"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:4.5:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D90B29E-F7B6-4EAB-83D2-1C339310D34D"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:4.5:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02A2E198-C184-459C-9B7C-8A9C74A6DCEE"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:4.5:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F091733F-C9E6-4222-8EA0-9DDEC70EB129"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:4.5:rc6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4736F08-176D-4F49-A59D-E8C0F6DDEC8B"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:4.5:rc7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80AD3822-AE03-412E-8E14-0DAD0BDCA028"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References