CVE-2014-8086 - OpenCVE

Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:M/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Suse	Suse Linux Enterprise Server

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp2:*:*:ltss:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html	Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0290.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0694.html	Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/10/09/25	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/70376	Third Party Advisory VDB Entry
http://www.spinics.net/lists/linux-ext4/msg45683.html	Exploit Mailing List Third Party Advisory
http://www.spinics.net/lists/linux-ext4/msg45685.html	Mailing List Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1151353	Issue Tracking Patch Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/96922	Third Party Advisory VDB Entry
https://lkml.org/lkml/2014/10/8/545	Exploit Mailing List Third Party Advisory
https://lkml.org/lkml/2014/10/9/129	Exploit Mailing List Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-10-13T10:00:00

Updated: 2017-09-07T15:57:01

Reserved: 2014-10-09T00:00:00

Link: CVE-2014-8086

JSON object: View

NVD Information

Status : Analyzed

Published: 2014-10-13T10:55:09.590

Modified: 2020-08-14T18:16:04.350

Link: CVE-2014-8086

JSON object: View

Redhat Information

No data.

CWE

CWE-362

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-10-08T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[linux-kernel] 20141008 ext4: kernel BUG at fs/ext4/inode.c:2959!", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lkml.org/lkml/2014/10/8/545"}, {"name": "70376", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/70376"}, {"name": "[linux-ext4] 20141009 [PATCH] add aio/dio regression test race between write and fcntl", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.spinics.net/lists/linux-ext4/msg45685.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151353"}, {"name": "[linux-ext4] 20141009 [PATCH] ext4: fix race between write and fcntl(F_SETFL)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.spinics.net/lists/linux-ext4/msg45683.html"}, {"name": "RHSA-2015:0694", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0694.html"}, {"name": "RHSA-2015:0290", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0290.html"}, {"name": "SUSE-SU-2015:1478", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"}, {"name": "linux-kernel-cve20148086-dos(96922)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96922"}, {"name": "[linux-kernel] 20141009 Re: ext4: kernel BUG at fs/ext4/inode.c:2959!", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lkml.org/lkml/2014/10/9/129"}, {"name": "[oss-security] 20141009 CVE-2014-8086 - Linux kernel ext4 race condition", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/10/09/25"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8086", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[linux-kernel] 20141008 ext4: kernel BUG at fs/ext4/inode.c:2959!", "refsource": "MLIST", "url": "https://lkml.org/lkml/2014/10/8/545"}, {"name": "70376", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70376"}, {"name": "[linux-ext4] 20141009 [PATCH] add aio/dio regression test race between write and fcntl", "refsource": "MLIST", "url": "http://www.spinics.net/lists/linux-ext4/msg45685.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1151353", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151353"}, {"name": "[linux-ext4] 20141009 [PATCH] ext4: fix race between write and fcntl(F_SETFL)", "refsource": "MLIST", "url": "http://www.spinics.net/lists/linux-ext4/msg45683.html"}, {"name": "RHSA-2015:0694", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0694.html"}, {"name": "RHSA-2015:0290", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0290.html"}, {"name": "SUSE-SU-2015:1478", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"}, {"name": "linux-kernel-cve20148086-dos(96922)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96922"}, {"name": "[linux-kernel] 20141009 Re: ext4: kernel BUG at fs/ext4/inode.c:2959!", "refsource": "MLIST", "url": "https://lkml.org/lkml/2014/10/9/129"}, {"name": "[oss-security] 20141009 CVE-2014-8086 - Linux kernel ext4 race condition", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/09/25"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-8086", "datePublished": "2014-10-13T10:00:00", "dateReserved": "2014-10-09T00:00:00", "dateUpdated": "2017-09-07T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EDC011A-F5BE-496E-857F-8586DD6E33E4", "versionEndIncluding": "3.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", "matchCriteriaId": "C202F75B-221A-40BB-8A0D-451335B39937", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag."}, {"lang": "es", "value": "Condici\u00f3n de carrera en la funci\u00f3n ext4_file_write_iter en fs/ext4/file.c en el kernel de Linux hasta 3.17 permite a usuarios locales causar una denegaci\u00f3n de servicio (no disponibilidad de ficheros) a trav\u00e9s de una combinaci\u00f3n de una acci\u00f3n de escritura y una operaci\u00f3n F_SETFL fcntl para el indicador O_DIRECT."}], "id": "CVE-2014-8086", "lastModified": "2020-08-14T18:16:04.350", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2014-10-13T10:55:09.590", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0290.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0694.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2014/10/09/25"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/70376"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.spinics.net/lists/linux-ext4/msg45683.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.spinics.net/lists/linux-ext4/msg45685.html"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151353"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96922"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://lkml.org/lkml/2014/10/8/545"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://lkml.org/lkml/2014/10/9/129"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}