CVE-2015-7509
kernel: Mounting ext2 fs e2fsprogs/tests/f_orphan as ext4 crashes system
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015.
fs/ext4/namei.c en el kernel Linux en versiones anteriores a 3.7 permite a atacantes físicamente próximos provocar una denegación de servicio (caída del sistema) a través de un archivo de sistema no-journal manipulado, un problema relacionado con CVE-2013-2015.
A flaw was found in the way the Linux kernel's ext4 file system driver handled non-journal file systems with an orphan list. An attacker with physical access to the system could use this flaw to crash the system or, although unlikely, escalate their privileges on the system.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-09-29 CVE Reserved
- 2015-12-28 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-250: Execution with Unnecessary Privileges
CAPEC
References (11)
URL | Tag | Source |
---|---|---|
http://www.securitytracker.com/id/1034559 | Vdb Entry | |
https://bugzilla.suse.com/show_bug.cgi?id=956709 | X_refsource_confirm | |
https://security-tracker.debian.org/tracker/CVE-2015-7509 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 3.6.11 Search vendor "Linux" for product "Linux Kernel" and version " <= 3.6.11" | - |
Affected
|