CVE-2015-8961

HIGH

Linux Kernel 3.10.85-3.12 - Use-After-Free in ext4 Journal Stop Function

Title source: llm
STIX 2.1

Description

The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field.

References (5)

Core 5
Core References
Third Party Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2016-11-01.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94135

Scores

CVSS v3 7.8
EPSS 0.0200
EPSS Percentile 78.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (1)
linux/linux_kernel 3.10.85 - 3.12
Published Nov 16, 2016
Tracked Since Feb 18, 2026