CVE-2014-8559 — MEDIUM (5.5)

Q: How severe is CVE-2014-8559?

CVE-2014-8559 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-8559?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Novell Suse Linux Enterprise Desktop, Novell Suse Linux Enterprise Server, Opensuse Evergreen.

Vulnerability Description

The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	<= 3.17.2
Canonical	Ubuntu Linux	12.04
Novell	Suse Linux Enterprise Desktop	12.0
Novell	Suse Linux Enterprise Server	12.0
Opensuse	Evergreen	11.4
Opensuse	Opensuse	13.1
Suse	Linux Enterprise Real Time Extension	11
Suse	Linux Enterprise Software Development Kit	12
Suse	Linux Enterprise Workstation Extension	12
Suse	Suse Linux Enterprise Server	11
Oracle	Linux	7

Related Weaknesses (CWE)

CWE-400

References

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1976.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1978.htmlThird Party Advisory
http://secunia.com/advisories/62801Broken Link
http://www.debian.org/security/2015/dsa-3170ExploitPatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2014/10/30/7Mailing ListThird Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.hThird Party Advisory
http://www.securityfocus.com/bid/70854Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1034051Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-2492-1Third Party Advisory

FAQ

What is CVE-2014-8559?

CVE-2014-8559 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and syste...

How severe is CVE-2014-8559?

CVE-2014-8559 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-8559?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Novell Suse Linux Enterprise Desktop, Novell Suse Linux Enterprise Server, Opensuse Evergreen.