CVE-2014-8086 : Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Lin

Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag.

Published 2014-10-13 10:55:10

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2014-8086

Linux » Linux Kernel
Versions up to, including, (<=) 3.17
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Suse » Suse Linux Enterprise Server » Version: 11 Update SP2 Ltss Edition
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-8086

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 7 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-8086

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.7	MEDIUM	AV:L/AC:M/Au:N/C:N/I:N/A:C	3.4	6.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
4.7	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H	1.0	3.6	NIST
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2014-8086

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-8086

http://www.spinics.net/lists/linux-ext4/msg45685.html

[PATCH] add aio/dio regression test race between write and fcntl V2 (Linux Ext4)
Mailing List;Patch;Third Party Advisory
http://www.spinics.net/lists/linux-ext4/msg45683.html

[PATCH] ext4: fix race between write and fcntl(F_SETFL) (Linux Ext4)
Exploit;Mailing List;Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0694.html

RHSA-2015:0694 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2014/10/09/25

oss-security - CVE-2014-8086 - Linux kernel ext4 race condition
Mailing List;Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1151353

1151353 – (CVE-2014-8086) CVE-2014-8086 Kernel: fs: ext4 race condition
Issue Tracking;Patch;Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html

[security-announce] SUSE-SU-2015:1478-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/70376

Linux Kernel 'ext4/file.c' Local Denial of Service Vulnerability
Third Party Advisory;VDB Entry
https://lkml.org/lkml/2014/10/8/545

LKML: Sasha Levin: ext4: kernel BUG at fs/ext4/inode.c:2959!
Exploit;Mailing List;Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0290.html

RHSA-2015:0290 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/96922

Linux Kernel ext4/file.c denial of service CVE-2014-8086 Vulnerability Report
Third Party Advisory;VDB Entry
https://lkml.org/lkml/2014/10/9/129

LKML: Dmitry Monakhov: Re: ext4: kernel BUG at fs/ext4/inode.c:2959!
Exploit;Mailing List;Third Party Advisory

Jump to

Vulnerability Details : CVE-2014-8086

Products affected by CVE-2014-8086

Exploit prediction scoring system (EPSS) score for CVE-2014-8086

CVSS scores for CVE-2014-8086

CWE ids for CVE-2014-8086

References for CVE-2014-8086