Vulnerability Details : CVE-2014-7822
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.
Vulnerability category: Denial of service
Products affected by CVE-2014-7822
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-7822
0.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 37 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-7822
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2014-7822
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-7822
-
http://rhn.redhat.com/errata/RHSA-2015-0694.html
RHSA-2015:0694 - Security Advisory - Red Hat Customer Portal
-
https://bugzilla.redhat.com/show_bug.cgi?id=1163792
1163792 – (CVE-2014-7822) CVE-2014-7822 kernel: splice: lack of generic write checks
-
http://rhn.redhat.com/errata/RHSA-2015-0674.html
RHSA-2015:0674 - Security Advisory - Red Hat Customer Portal
-
http://www.ubuntu.com/usn/USN-2544-1
USN-2544-1: Linux kernel vulnerabilities | Ubuntu security notices
-
http://www.ubuntu.com/usn/USN-2542-1
USN-2542-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices
-
http://www.osvdb.org/117810
404 Not Found
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Oracle Linux Bulletin - October 2015
-
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html
[security-announce] SUSE-SU-2015:1489-1: important: Live patch for the L
-
http://www.debian.org/security/2015/dsa-3170
Debian -- Security Information -- DSA-3170-1 linux
-
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html
[security-announce] SUSE-SU-2015:1488-1: important: Live patch for the L
-
http://www.securityfocus.com/bid/72347
Linux Kernel 'splice()' System Call Local Denial of Service Vulnerability
-
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
[security-announce] SUSE-SU-2015:0736-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
[security-announce] openSUSE-SU-2015:0714-1: important: Security update
-
http://rhn.redhat.com/errata/RHSA-2015-0102.html
RHSA-2015:0102 - Security Advisory - Red Hat Customer Portal
-
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html
[security-announce] SUSE-SU-2015:0529-1: important: Security update for
-
https://www.exploit-db.com/exploits/36743/
Linux Kernel 3.13/3.14 (Ubuntu) - 'splice()' System Call Local Denial of Service - Linux dos Exploit
-
http://rhn.redhat.com/errata/RHSA-2015-0164.html
RHSA-2015:0164 - Security Advisory - Red Hat Customer Portal
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0207652cbe27d1f962050737848e5ad4671958
-
http://www.ubuntu.com/usn/USN-2541-1
USN-2541-1: Linux kernel vulnerabilities | Ubuntu security notices
-
http://www.ubuntu.com/usn/USN-2543-1
USN-2543-1: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices
-
https://github.com/torvalds/linux/commit/8d0207652cbe27d1f962050737848e5ad4671958
->splice_write() via ->write_iter() · torvalds/linux@8d02076 · GitHub
Jump to