CVE-2014-7822
Linux Kernel 3.13/3.14 (Ubuntu) - 'splice()' System Call Local Denial of Service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.
La implementación de ciertas operaciones de archivo splice_write en el kernel de Linux anterior a 3.16 no fuerza una restricción en el tamaño máximo de un archivo, lo que permite a usaurios locales causar una denegación de servicio (caída del sistema) o la posibilidad de tener otro impacto no especificado a través de llamadas anidadas al sistema modificadas, como se ha demostrado mediante el uso de un archivo descriptor asociado con sistemas de ficheros ext4.
A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system.
The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-10-03 CVE Reserved
- 2015-01-29 CVE Published
- 2015-04-11 First Exploit
- 2024-08-06 CVE Updated
- 2025-07-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (23)
| URL | Tag | Source |
|---|---|---|
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0207652cbe27d1f962050737848e5ad4671958 | X_refsource_confirm | |
| http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | X_refsource_confirm |
|
| http://www.osvdb.org/117810 | Vdb Entry | |
| http://www.securityfocus.com/bid/72347 | Vdb Entry | |
| https://github.com/torvalds/linux/commit/8d0207652cbe27d1f962050737848e5ad4671958 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/131402 | 2015-04-11 | |
| https://www.exploit-db.com/exploits/36743 | 2024-08-06 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 3.15.8 Search vendor "Linux" for product "Linux Kernel" and version " <= 3.15.8" | - |
Affected
| ||||||