CVE-2015-8785
Ubuntu Security Notice USN-2907-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
La función fuse_fill_write_pages en fs/fuse/file.c en el kernel de Linux en versiones anteriores a 4.4 permite a usuarios locales provocar una denegación de servicio (bucle infinito) a través de una llamada a sistema writev que desencadena una longitud cero para el primer segmento de un iov.
It was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. It was discovered that the KVM implementation in the Linux kernel did not properly restore the values of the Programmable Interrupt Timer (PIT). A user-assisted attacker in a KVM guest could cause a denial of service in the host (system crash). Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-01-24 CVE Reserved
- 2016-02-02 CVE Published
- 2024-08-06 CVE Updated
- 2025-07-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/01/24/1 | Mailing List |
|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | Third Party Advisory |
|
| http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html | Third Party Advisory |
|
| http://www.securityfocus.com/bid/81688 | Third Party Advisory | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1290642 | Issue Tracking |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 4.4 Search vendor "Linux" for product "Linux Kernel" and version " < 4.4" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.4 Search vendor "Linux" for product "Linux Kernel" and version "4.4" | rc1 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.4 Search vendor "Linux" for product "Linux Kernel" and version "4.4" | rc2 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.4 Search vendor "Linux" for product "Linux Kernel" and version "4.4" | rc3 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.4 Search vendor "Linux" for product "Linux Kernel" and version "4.4" | rc4 |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Real Time Extension Search vendor "Suse" for product "Linux Enterprise Real Time Extension" | 12 Search vendor "Suse" for product "Linux Enterprise Real Time Extension" and version "12" | sp1 |
Affected
| ||||||