Vulnerability Details : CVE-2015-7509
fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2015-7509
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7509
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-7509
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST | |
4.4
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
0.8
|
3.6
|
NIST |
CWE ids for CVE-2015-7509
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7509
-
https://security-tracker.debian.org/tracker/CVE-2015-7509
CVE-2015-7509
-
https://bugzilla.suse.com/show_bug.cgi?id=956709
Bug 956709 – VUL-0: CVE-2015-7509: kernel: Mounting ext2 fs e2fsprogs/tests/f_orphan as ext4 crashes system
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
[security-announce] SUSE-SU-2016:2074-1: important: Security update for
-
https://bugzilla.redhat.com/show_bug.cgi?id=1259222
1259222 – (CVE-2015-7509) CVE-2015-7509 kernel: Mounting ext2 fs e2fsprogs/tests/f_orphan as ext4 crashes system
-
https://github.com/torvalds/linux/commit/c9b92530a723ac5ef8e352885a1862b18f31b2f5
ext4: make orphan functions be no-op in no-journal mode · torvalds/linux@c9b9253 · GitHubVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html
[security-announce] SUSE-SU-2015:2339-1: important: Security update for
-
http://www.securitytracker.com/id/1034559
Linux Kernel Filesystem Mounting Bug Lets Local Users Cause Denial of Service Conditions or Obtain Elevated Privileges on the Target System - SecurityTracker
-
http://rhn.redhat.com/errata/RHSA-2016-0855.html
RHSA-2016:0855 - Security Advisory - Red Hat Customer Portal
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9b92530a723ac5ef8e352885a1862b18f31b2f5
kernel/git/torvalds/linux.git - Linux kernel source treeVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html
[security-announce] SUSE-SU-2015:2350-1: important: Security update for
Jump to