CVE-2014-7283 : The xfs_da3_fixhashpath function in fs/xfs/xfs_da

The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or panic) via operations on directories that have hash collisions, as demonstrated by rmdir operations.

Published 2014-10-13 10:55:08

Updated 2020-08-06 15:11:18

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2014-7283

Redhat » Mrg Realtime » Version: 2.0
cpe:2.3:a:redhat:mrg_realtime:2.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions before (<) 3.14.2
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-7283

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 9 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-7283

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2014-7283

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-7283

https://bugzilla.redhat.com/show_bug.cgi?id=1148777

1148777 – (CVE-2014-7283) CVE-2014-7283 kernel: xfs: directory hash ordering denial of service
Exploit;Issue Tracking;Patch;Third Party Advisory
http://www.securityfocus.com/bid/70261

Linux Kernel 'xfs_da_btree.c' Local Denial of Service Vulnerability
Third Party Advisory;VDB Entry
https://github.com/torvalds/linux/commit/c88547a8119e3b581318ab65e9b72f27f23e641d

xfs: fix directory hash ordering bug · torvalds/linux@c88547a · GitHub
Exploit;Patch;Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c88547a8119e3b581318ab65e9b72f27f23e641d

kernel/git/torvalds/linux.git - Linux kernel source tree
Exploit;Patch;Vendor Advisory
http://marc.info/?l=linux-xfs&m=139590613002926&w=2

'xfs errors while unlinking filenames with hash collisions' - MARC
Exploit;Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/10/01/29

oss-security - xfs directory hash ordering bug
Mailing List;Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1943.html

RHSA-2014:1943 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.2

Release Notes;Vendor Advisory

Jump to

Vulnerability Details : CVE-2014-7283

Products affected by CVE-2014-7283

Exploit prediction scoring system (EPSS) score for CVE-2014-7283

CVSS scores for CVE-2014-7283

CWE ids for CVE-2014-7283

References for CVE-2014-7283