CVE-2015-8952
 
Severity Score
5.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba.
La funcionalidad mbcache en las implementaciones del sistema de archivos ext2 y ext4 en el kernel de Linux en versiones anteriores a 4.6 no maneja adecuadamente bloque de almacenamiento en caché xattr, lo que permite a usuarios locales provocar una denegación de servicio (bloqueo débil) a través de operaciones de sistema de archivos en entornos que usan muchos atributos, como se demuestra por Ceph y Samba.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-08-25 CVE Reserved
- 2016-10-16 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-19: Data Processing Errors
CAPEC
References (13)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2016/08/22/2 | Mailing List | |
https://bugzilla.kernel.org/show_bug.cgi?id=107301 | Issue Tracking | |
https://bugzilla.redhat.com/show_bug.cgi?id=1360968 | Issue Tracking | |
https://github.com/torvalds/linux/commit/f9a61eb4e2471c56a63cd804c7474128138c38ac | Issue Tracking | |
https://lwn.net/Articles/668718 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://github.com/torvalds/linux/commit/82939d7999dfc1f1998c4b1c12e2f19edbdff272 | 2018-03-16 | |
https://usn.ubuntu.com/3582-1 | 2018-03-16 | |
https://usn.ubuntu.com/3582-2 | 2018-03-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.5.7 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.5.7" | - |
Affected
|