Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

None

Attack Vector

Local

0

CVE-2015-8839

Disclosure Date: May 02, 2016 •

CVE-2015-8839 CVSS v3 Base Score: 5.1

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user’s file after unsynchronized hole punching and page-fault handling.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.1 Medium

Impact Score:

3.6

Exploitability Score:

1.4

Vector:

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

High

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

canonical,
linux

Products

linux kernel,
linux kernel 4.5,
ubuntu linux 14.04,
ubuntu linux 16.04

References

Canonical

CVE-2015-8839 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8839)

BID-85798 (http://www.securityfocus.com/bid/85798)

Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1323577

USN-3006-1 (http://www.ubuntu.com/usn/USN-3006-1)

SECTRACK-1035455 (http://www.securitytracker.com/id/1035455)

https://github.com/torvalds/linux/commit/ea3d7209ca01da209cda6f0dea8be9cc4b7a933b

USN-3005-1 (http://www.ubuntu.com/usn/USN-3005-1)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=ea3d7209ca01da209cda6f0dea8be9cc4b7a933b

https://access.redhat.com/errata/RHSA-2017:2669

[oss-security] 20160401 Re: ext4 data corruption due to punch hole races (http://www.openwall.com/lists/oss-security/2016/04/01/4)

https://access.redhat.com/errata/RHSA-2017:2077

USN-3007-1 (http://www.ubuntu.com/usn/USN-3007-1)

https://access.redhat.com/errata/RHSA-2017:1842

[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update (https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html)

[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update (https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html)

Rapid7

Technical Analysis