PT-2015-1018 · Linux+5 · Linux+5

Published

2014-08-18

·

Updated

2023-02-13

·

CVE-2014-7822

CVSS v2.0

7.2

High

VectorAV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions linux-image versions 3.13.0 through 3.15.x linux-image versions 3.2.0 through 3.15.x
Description The issue is related to the implementation of certain splice write file operations in the Linux kernel, which does not enforce a restriction on the maximum size of a single file. This allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call. The exploitation can be done locally and may lead to disruption of confidentiality, integrity, and availability of protected information.
Recommendations For linux-image versions 3.13.0 through 3.15.x, update to a version after 3.16 to resolve the issue. For linux-image versions 3.2.0 through 3.15.x, update to a version after 3.16 to resolve the issue. As a temporary workaround, consider restricting access to the splice system call to minimize the risk of exploitation.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-17CWE-264

Related Identifiers

ALT-PU-2014-2009
ALT-PU-2015-1794
BDU:2015-09845
BDU:2015-09846
CESA-2015_0102
CESA-2015_0674
CVE-2014-7822
DLA-155-1
DSA-3170-1
OPENSUSE-SU-2015_0714-1
RHSA-2015:0102
RHSA-2015:0164
RHSA-2015:0674
RHSA-2015:0694
RHSA-2015_0102
RHSA-2015_0164
RHSA-2015_0674
SUSE-RU-2015:0621-1
SUSE-SU-2015:0529-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
SUSE-SU-2015:1488-1
SUSE-SU-2015:1489-1
USN-2541-1
USN-2542-1
USN-2543-1
USN-2544-1

Affected Products

Alt Linux
Centos
Linux
Red Hat
Suse
Ubuntu