Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2015-8952

Disclosure Date: October 16, 2016 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

linux

Products

linux kernel

References

Canonical

CVE-2015-8952 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8952)

Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1360968

https://github.com/torvalds/linux/commit/f9a61eb4e2471c56a63cd804c7474128138c38ac

https://github.com/torvalds/linux/commit/82939d7999dfc1f1998c4b1c12e2f19edbdff272

USN-3582-1 (https://usn.ubuntu.com/3582-1)

https://bugzilla.kernel.org/show_bug.cgi?id=107301

[oss-security] 20160825 Re: CVE request: Linux kernel mbcache lock contention denial of service. (http://www.openwall.com/lists/oss-security/2016/08/25/4)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=82939d7999dfc1f1998c4b1c12e2f19edbdff272

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=be0726d33cb8f411945884664924bed3cb8c70ee

[oss-security] 20160822 CVE request: Linux kernel mbcache lock contention denial of service. (http://www.openwall.com/lists/oss-security/2016/08/22/2)

https://github.com/torvalds/linux/commit/be0726d33cb8f411945884664924bed3cb8c70ee

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=f9a61eb4e2471c56a63cd804c7474128138c38ac

https://lwn.net/Articles/668718

USN-3582-2 (https://usn.ubuntu.com/3582-2)

Rapid7

Technical Analysis