CVE-2014-8086
Kernel: fs: ext4 race condition
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag.
Condición de carrera en la función ext4_file_write_iter en fs/ext4/file.c en el kernel de Linux hasta 3.17 permite a usuarios locales causar una denegación de servicio (no disponibilidad de ficheros) a través de una combinación de una acción de escritura y una operación F_SETFL fcntl para el indicador O_DIRECT.
A race condition flaw was found in the Linux kernel's ext4 file system implementation that allowed a local, unprivileged user to crash the system by simultaneously writing to a file and toggling the O_DIRECT flag using fcntl(F_SETFL) on that file.
USN-2448-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem. An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-10-09 CVE Reserved
- 2014-10-13 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2014/10/09/25 | Mailing List |
|
| http://www.securityfocus.com/bid/70376 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/96922 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| http://www.spinics.net/lists/linux-ext4/msg45683.html | 2024-08-06 | |
| https://lkml.org/lkml/2014/10/8/545 | 2024-08-06 | |
| https://lkml.org/lkml/2014/10/9/129 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://www.spinics.net/lists/linux-ext4/msg45685.html | 2020-08-14 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1151353 | 2015-03-17 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html | 2020-08-14 | |
| http://rhn.redhat.com/errata/RHSA-2015-0290.html | 2020-08-14 | |
| http://rhn.redhat.com/errata/RHSA-2015-0694.html | 2020-08-14 | |
| https://access.redhat.com/security/cve/CVE-2014-8086 | 2015-03-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 3.17 Search vendor "Linux" for product "Linux Kernel" and version " <= 3.17" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11" | sp2, ltss |
Affected
| ||||||