CVE-2015-8839

kernel: ext4 filesystem page fault race condition with fallocate call.

Severity Score

5.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.

Múltiples condiciones de carrera en la implementación del sistema de archivos ext4 en el kernel de Linux en versiones anteriores a 4.5 permite a usuarios locales provocar una denegación de servicio (corrupción de disco) escribiendo a una página que está asociada con un archivo de usuario diferente después del manejo de hole punching desincronizado y de fallo de página.

A flaw was found in the Linux kernel when attempting to "punch a hole" in files existing on an ext4 filesystem. When punching holes into a file races with the page fault of the same area, it is possible that freed blocks remain referenced from page cache pages mapped to process' address space.

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Complete

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-04-01 CVE Reserved
2016-05-02 CVE Published
2024-08-06 CVE Updated
2025-05-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CAPEC

References (15)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2016/04/01/4	Mailing List
http://www.securityfocus.com/bid/85798	Third Party Advisory
http://www.securitytracker.com/id/1035455	Third Party Advisory
https://github.com/torvalds/linux/commit/ea3d7209ca01da209cda6f0dea8be9cc4b7a933b	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html	Mailing List
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html	Mailing List

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea3d7209ca01da209cda6f0dea8be9cc4b7a933b	2020-10-02
http://www.ubuntu.com/usn/USN-3005-1	2020-10-02
http://www.ubuntu.com/usn/USN-3006-1	2020-10-02
http://www.ubuntu.com/usn/USN-3007-1	2020-10-02
https://access.redhat.com/errata/RHSA-2017:1842	2020-10-02
https://access.redhat.com/errata/RHSA-2017:2077	2020-10-02
https://access.redhat.com/errata/RHSA-2017:2669	2020-10-02
https://bugzilla.redhat.com/show_bug.cgi?id=1323577	2017-09-06
https://access.redhat.com/security/cve/CVE-2015-8839	2017-09-06

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				<= 4.4.221 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.4.221"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.5 Search vendor "Linux" for product "Linux Kernel" and version "4.5"		rc1		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.5 Search vendor "Linux" for product "Linux Kernel" and version "4.5"		rc2		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.5 Search vendor "Linux" for product "Linux Kernel" and version "4.5"		rc3		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.5 Search vendor "Linux" for product "Linux Kernel" and version "4.5"		rc4		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.5 Search vendor "Linux" for product "Linux Kernel" and version "4.5"		rc5		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.5 Search vendor "Linux" for product "Linux Kernel" and version "4.5"		rc6		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.5 Search vendor "Linux" for product "Linux Kernel" and version "4.5"		rc7		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		lts		Affected