// For flags

CVE-2014-7822

Linux Kernel 3.13/3.14 (Ubuntu) - 'splice()' System Call Local Denial of Service

Severity Score

7.2
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.

La implementación de ciertas operaciones de archivo splice_write en el kernel de Linux anterior a 3.16 no fuerza una restricción en el tamaño máximo de un archivo, lo que permite a usaurios locales causar una denegación de servicio (caída del sistema) o la posibilidad de tener otro impacto no especificado a través de llamadas anidadas al sistema modificadas, como se ha demostrado mediante el uso de un archivo descriptor asociado con sistemas de ficheros ext4.

A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-10-03 CVE Reserved
  • 2015-01-29 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (22)
URL Tag Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0207652cbe27d1f962050737848e5ad4671958 X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html X_refsource_confirm
http://www.osvdb.org/117810 Vdb Entry
http://www.securityfocus.com/bid/72347 Vdb Entry
https://github.com/torvalds/linux/commit/8d0207652cbe27d1f962050737848e5ad4671958 X_refsource_confirm
URL Date SRC
https://www.exploit-db.com/exploits/36743 2024-08-06
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html 2023-02-13
http://rhn.redhat.com/errata/RHSA-2015-0102.html 2023-02-13
http://rhn.redhat.com/errata/RHSA-2015-0164.html 2023-02-13
http://rhn.redhat.com/errata/RHSA-2015-0674.html 2023-02-13
http://rhn.redhat.com/errata/RHSA-2015-0694.html 2023-02-13
http://www.debian.org/security/2015/dsa-3170 2023-02-13
http://www.ubuntu.com/usn/USN-2541-1 2023-02-13
http://www.ubuntu.com/usn/USN-2542-1 2023-02-13
http://www.ubuntu.com/usn/USN-2543-1 2023-02-13
http://www.ubuntu.com/usn/USN-2544-1 2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=1163792 2015-03-17
https://access.redhat.com/security/cve/CVE-2014-7822 2015-03-17
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 <= 3.15.8
Search vendor "Linux" for product "Linux Kernel" and version " <= 3.15.8"
-
Affected