CVE-2014-8086 – Kernel: fs: ext4 race condition
https://notcve.org/view.php?id=CVE-2014-8086
Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag. Condición de carrera en la función ext4_file_write_iter en fs/ext4/file.c en el kernel de Linux hasta 3.17 permite a usuarios locales causar una denegación de servicio (no disponibilidad de ficheros) a través de una combinación de una acción de escritura y una operación F_SETFL fcntl para el indicador O_DIRECT. A race condition flaw was found in the Linux kernel's ext4 file system implementation that allowed a local, unprivileged user to crash the system by simultaneously writing to a file and toggling the O_DIRECT flag using fcntl(F_SETFL) on that file. • http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://rhn.redhat.com/errata/RHSA-2015-0290.html http://rhn.redhat.com/errata/RHSA-2015-0694.html http://www.openwall.com/lists/oss-security/2014/10/09/25 http://www.securityfocus.com/bid/70376 http://www.spinics.net/lists/linux-ext4/msg45683.html http://www.spinics.net/lists/linux-ext4/msg45685.html https://bugzilla.redhat.com/show_bug.cgi?id=1151353 https://exchange.xforce.ibmcloud.com/vulnerabi • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2014-7283 – kernel: xfs: directory hash ordering denial of service
https://notcve.org/view.php?id=CVE-2014-7283
The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or panic) via operations on directories that have hash collisions, as demonstrated by rmdir operations. La función xfs_da3_fixhashpath en fs/xfs/xfs_da_btree.c en la implementación xfs en el kernel de Linux anterior a 3.14.2 no compara debidamente los valores de hashes btree, lo que permite a usuarios locales causar una denegación de servicio (corrupción del sistema de ficheros y OOPS o pánico) a través de operaciones sobre directorios que tienen colisiones de hashes, tal y como fue demostrado por operaciones rmdir. A denial of service flaw was found in the way the Linux kernel's XFS file system implementation ordered directory hashes under certain conditions. A local attacker could use this flaw to corrupt the file system by creating directories with colliding hash values, potentially resulting in a system crash. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c88547a8119e3b581318ab65e9b72f27f23e641d http://marc.info/?l=linux-xfs&m=139590613002926&w=2 http://rhn.redhat.com/errata/RHSA-2014-1943.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.2 http://www.openwall.com/lists/oss-security/2014/10/01/29 http://www.securityfocus.com/bid/70261 https://bugzilla.redhat.com/show_bug.cgi?id=1148777 https://github.com/torvalds/linux/co • CWE-399: Resource Management Errors •
CVE-2014-7975 – Kernel: fs: umount denial of service
https://notcve.org/view.php?id=CVE-2014-7975
The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call. La función do_umount en fs/namespace.c en el kernel de Linux hasta 3.17 no requiere la capacidad CAP_SYS_ADMIN para llamadas do_remount_sb que cambian el sistema de ficheros root a sólo lectura, lo que permite a usuarios locales causar una denegación de servicio (pérdida de la habilidad de escritura) mediante la realización de ciertas llamadas a la liberación de sistemas, la limpieza del indicador / MNT_LOCKED, y la realización de una llamada al sistema umount MNT_FORCE. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ef3a56b1c466629cd0bf482b09c7b0e5a085bb5 http://secunia.com/advisories/60174 http://secunia.com/advisories/61145 http://secunia.com/advisories/62633 http://secunia.com/advisories/62634 http://thread.gmane.org/gmane.linux.kernel.stable/109312 http://www.openwall.com/lists/oss-security/2014/10/08/22 http://www.securityfocus.com/bid/70314 http://www.securitytracker.com/id/1031180 http://www.ubuntu.com/usn/US •
CVE-2014-7970 – Kernel: fs: VFS denial of service
https://notcve.org/view.php?id=CVE-2014-7970
The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call. La implementación pivot_root en fs/namespace.c en el kernel de Linux hasta 3.17 no interactúa debidamente con ciertas localizaciones de un directorio chroot, lo que permite a usuarios locales causar una denegación de servicio (bucle de montaje de árbol) a través de valores . (punto) en ambos argumentos en la llamada de sistema pivot_root. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://secunia.com/advisories/60174 http://secunia.com/advisories/61142 http://www.openwall.com/lists/oss-security/2014/10/08/21 http://www.securityfocus.com/bid/70319 http://www.securitytracker.com/id/1030991 http://www.spinics.net/lists/linux-fsdevel/msg79153.html http://www.ubuntu.com/usn/USN-2419-1 http://www.ubuntu.com/usn/USN-2420-1 http://www.ubuntu.com/usn/USN-2513-1 http: • CWE-400: Uncontrolled Resource Consumption •
CVE-2014-6418
https://notcve.org/view.php?id=CVE-2014-6418
net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph Monitor. net/ceph/auth_x.c en Ceph, utilizado en el kernel de Linux anterior a 3.16.3, no valida debidamente las respuestas de autor válidas, lo que permite a atacantes remotos causar una denegación de servicio (caída del sistema) o posiblemente tener otro impacto no especificado a través de datos manipulados de la dirección IP de un monitor Ceph. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c27a3e4d667fdcad3db7b104f75659478e0c68d8 http://tracker.ceph.com/issues/8979 http://tracker.ceph.com/issues/9561 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3 http://www.openwall.com/lists/oss-security/2014/09/15/7 http://www.ubuntu.com/usn/USN-2376-1 http://www.ubuntu.com/usn/USN-2377-1 http://www.ubuntu.com/usn/USN-2378-1 http://www.ubuntu.com/usn/USN • CWE-399: Resource Management Errors •