CVE-2015-8952 — MEDIUM (5.5)

Q: How severe is CVE-2015-8952?

CVE-2015-8952 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-8952?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.

Vulnerability Description

The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	<= 4.5.7

Related Weaknesses (CWE)

CWE-19

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82939dPatch
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=be0726Patch
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f9a61ePatch
http://www.openwall.com/lists/oss-security/2016/08/22/2Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/08/25/4PatchThird Party Advisory
https://bugzilla.kernel.org/show_bug.cgi?id=107301Issue TrackingThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1360968Issue TrackingThird Party AdvisoryVDB Entry
https://github.com/torvalds/linux/commit/82939d7999dfc1f1998c4b1c12e2f19edbdff27Vendor Advisory
https://github.com/torvalds/linux/commit/be0726d33cb8f411945884664924bed3cb8c70eIssue TrackingPatch
https://github.com/torvalds/linux/commit/f9a61eb4e2471c56a63cd804c7474128138c38aIssue Tracking
https://lwn.net/Articles/668718/Third Party Advisory
https://usn.ubuntu.com/3582-1/
https://usn.ubuntu.com/3582-2/
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82939dPatch
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=be0726Patch

FAQ

What is CVE-2015-8952?

CVE-2015-8952 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) v...

How severe is CVE-2015-8952?

CVE-2015-8952 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-8952?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.