CVE-2014-8559medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.
References
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
http://rhn.redhat.com/errata/RHSA-2015-1976.html
http://rhn.redhat.com/errata/RHSA-2015-1978.html
http://secunia.com/advisories/62801
http://www.debian.org/security/2015/dsa-3170
http://www.openwall.com/lists/oss-security/2014/10/30/7
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/70854
http://www.securitytracker.com/id/1034051
http://www.ubuntu.com/usn/USN-2492-1
http://www.ubuntu.com/usn/USN-2493-1
http://www.ubuntu.com/usn/USN-2515-1
http://www.ubuntu.com/usn/USN-2516-1
http://www.ubuntu.com/usn/USN-2517-1
http://www.ubuntu.com/usn/USN-2518-1
https://bugzilla.redhat.com/show_bug.cgi?id=1159313
https://lkml.org/lkml/2014/10/25/171
https://lkml.org/lkml/2014/10/25/179
https://lkml.org/lkml/2014/10/25/180
https://lkml.org/lkml/2014/10/26/101
https://lkml.org/lkml/2014/10/26/116
https://lkml.org/lkml/2014/10/26/128
Details
Source: MITRE
Published: 2014-11-10
Updated: 2020-08-13
Type: CWE-400
Risk Information
CVSS v2
Base Score: 4.9
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact Score: 6.9
Exploitability Score: 3.9
Severity: MEDIUM
CVSS v3
Base Score: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 1.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 3.17.2 (inclusive)
Configuration 2
OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Configuration 3
OR
cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
Configuration 4
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 124807 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1483) | Nessus | Huawei Local Security Checks | high |
| 124798 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1474) | Nessus | Huawei Local Security Checks | high |
| 86747 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20151103) | Nessus | Scientific Linux Local Security Checks | medium |
| 86723 | CentOS 7 : kernel (CESA-2015:1978) | Nessus | CentOS Local Security Checks | medium |
| 86718 | RHEL 7 : kernel (RHSA-2015:1978) | Nessus | Red Hat Local Security Checks | medium |
| 86717 | RHEL 7 : kernel-rt (RHSA-2015:1977) | Nessus | Red Hat Local Security Checks | medium |
| 86716 | RHEL 6 : MRG (RHSA-2015:1976) | Nessus | Red Hat Local Security Checks | medium |
| 86714 | Oracle Linux 7 : kernel (ELSA-2015-1978) | Nessus | Oracle Linux Local Security Checks | medium |
| 83702 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:0529-1) | Nessus | SuSE Local Security Checks | high |
| 83696 | SUSE SLES11 Security Update : kernel (SUSE-SU-2015:0481-1) | Nessus | SuSE Local Security Checks | high |
| 83678 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:0178-1) | Nessus | SuSE Local Security Checks | high |
| 82756 | openSUSE Security Update : Linux Kernel (openSUSE-2015-302) | Nessus | SuSE Local Security Checks | critical |
| 82755 | openSUSE Security Update : the Linux Kernel (openSUSE-2015-301) | Nessus | SuSE Local Security Checks | high |
| 82020 | SuSE 11.3 Security Update : Linux Kernel (SAT Patch Numbers 10412 / 10415 / 10416) | Nessus | SuSE Local Security Checks | high |
| 81646 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-2516-3) | Nessus | Ubuntu Local Security Checks | medium |
| 81645 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-2) | Nessus | Ubuntu Local Security Checks | medium |
| 81590 | Ubuntu 14.04 LTS : linux vulnerability (USN-2516-2) | Nessus | Ubuntu Local Security Checks | medium |
| 81571 | Ubuntu 14.10 : linux vulnerabilities (USN-2518-1) | Nessus | Ubuntu Local Security Checks | medium |
| 81570 | Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2517-1) | Nessus | Ubuntu Local Security Checks | medium |
| 81569 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-2516-1) | Nessus | Ubuntu Local Security Checks | medium |
| 81568 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-1) | Nessus | Ubuntu Local Security Checks | medium |
| 81449 | Debian DSA-3170-1 : linux - security update | Nessus | Debian Local Security Checks | critical |
| 81165 | Ubuntu 12.04 LTS : linux vulnerabilities (USN-2492-1) | Nessus | Ubuntu Local Security Checks | medium |
| 80146 | Fedora 21 : kernel-3.17.7-300.fc21 (2014-17293) | Nessus | Fedora Local Security Checks | medium |
| 80145 | Fedora 20 : kernel-3.17.7-200.fc20 (2014-17283) | Nessus | Fedora Local Security Checks | medium |