CVE-2015-8952 Information

Description

The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes as demonstrated by Ceph and Samba.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82939d7999dfc1f1998c4b1c12e2f19edbdff272 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=be0726d33cb8f411945884664924bed3cb8c70ee http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f9a61eb4e2471c56a63cd804c7474128138c38ac http://www.openwall.com/lists/oss-security/2016/08/22/2 http://www.openwall.com/lists/oss-security/2016/08/25/4 https://bugzilla.kernel.org/show_bug.cgi?id=107301 https://bugzilla.redhat.com/show_bug.cgi?id=1360968 https://github.com/torvalds/linux/commit/82939d7999dfc1f1998c4b1c12e2f19edbdff272 https://github.com/torvalds/linux/commit/be0726d33cb8f411945884664924bed3cb8c70ee https://github.com/torvalds/linux/commit/f9a61eb4e2471c56a63cd804c7474128138c38ac https://lwn.net/Articles/668718/ https://usn.ubuntu.com/3582-1/ https://usn.ubuntu.com/3582-2/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.5