CVE-2015-8952

MEDIUM

Linux Kernel < 4.5.7 - Denial of Service via mbcache Xattr Block Caching

Title source: llm
STIX 2.1

Description

The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba.

References (13)

Core 13
Core References
Issue Tracking, Third Party Advisory, VDB Entry x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1360968
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3582-1/
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.kernel.org/show_bug.cgi?id=107301
Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/08/25/4
Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/08/22/2
Third Party Advisory x_refsource_confirm
https://lwn.net/Articles/668718/
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3582-2/

Scores

CVSS v3 5.5
EPSS 0.0045
EPSS Percentile 35.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-19
Status published
Products (1)
linux/linux_kernel < 4.5.7
Published Oct 16, 2016
Tracked Since Feb 18, 2026