CVE-2015-8839

MEDIUM

Linux Kernel < 4.4.221 - Race Condition

Title source: rule

Description

Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.

References (14)

[Vendor Advisory] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea3d7209ca01da209cda6f0dea8be9cc4b7a933b

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/04/01/4

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/85798

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1035455

[Third Party Advisory] http://www.ubuntu.com/usn/USN-3005-1

[Third Party Advisory] http://www.ubuntu.com/usn/USN-3006-1

[Third Party Advisory] http://www.ubuntu.com/usn/USN-3007-1

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:1842

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:2077

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:2669

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1323577

[Third Party Advisory] https://github.com/torvalds/linux/commit/ea3d7209ca01da209cda6f0dea8be9cc4b7a933b

[Third Party Advisory] https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html

[Third Party Advisory] https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html

Scores

CVSS v3 5.1

EPSS 0.0004

EPSS Percentile 12.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-362

Status draft

Affected Products (10)

linux/linux_kernel < 4.4.221

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

canonical/ubuntu_linux

canonical/ubuntu_linux

Timeline

Published May 02, 2016

Tracked Since Feb 18, 2026