PT-2015-1018 · Linux+5

Published: 2014-08-18 · Updated: 2023-02-13 · CVE-2014-7822

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

linux-image versions 3.13.0 through 3.15.x
linux-image versions 3.2.0 through 3.15.x

Description

The issue is in the implementation of certain splice write file operations in the Linux kernel, which does not enforce a restriction on the maximum size of a single file. This allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call. Exploitation requires local access and may compromise the confidentiality, integrity, and availability of protected information.

Recommendations

For linux-image versions 3.13.0 through 3.15.x, update to a version after 3.16 to resolve the issue. For linux-image versions 3.2.0 through 3.15.x, update to a version after 3.16 to resolve the issue. As a temporary workaround, consider restricting access to the splice system call to minimize the risk of exploitation.

Exploit

Fix

DoS

Weakness Enumeration

Related identifiers

ALT-PU-2014-2009
ALT-PU-2015-1794
BDU:2015-09845
BDU:2015-09846
CESA-2015_0102
CESA-2015_0674
CVE-2014-7822
DLA-155-1
DSA-3170-1
OPENSUSE-SU-2015_0714-1
RHSA-2015:0102
RHSA-2015:0164
RHSA-2015:0674
RHSA-2015:0694
RHSA-2015_0102
RHSA-2015_0164
RHSA-2015_0674
SUSE-RU-2015:0621-1
SUSE-SU-2015:0529-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
SUSE-SU-2015:1488-1
SUSE-SU-2015:1489-1
USN-2541-1
USN-2542-1
USN-2543-1
USN-2544-1

Affected products

Alt Linux
CentOS
Linux
Red Hat
SUSE
Ubuntu