CVE-2015-8952 : The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux

The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba.

Published 2016-10-16 21:59:02

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2015-8952

Linux » Linux Kernel
Versions up to, including, (<=) 4.5.7
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-8952

EPSS FAQ

0.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 20 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-8952

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:N/A:P	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2015-8952

CWE-19

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-8952

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82939d7999dfc1f1998c4b1c12e2f19edbdff272

kernel/git/torvalds/linux.git - Linux kernel source tree
Patch
http://www.openwall.com/lists/oss-security/2016/08/25/4

oss-security - Re: CVE request: Linux kernel mbcache lock contention denial of service.
Patch;Third Party Advisory
https://lwn.net/Articles/668718/

ext[24]: MBCache rewrite [LWN.net]
Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=be0726d33cb8f411945884664924bed3cb8c70ee

kernel/git/torvalds/linux.git - Linux kernel source tree
Patch
http://www.openwall.com/lists/oss-security/2016/08/22/2

oss-security - CVE request: Linux kernel mbcache lock contention denial of service.
Third Party Advisory
https://github.com/torvalds/linux/commit/f9a61eb4e2471c56a63cd804c7474128138c38ac

mbcache2: reimplement mbcache · torvalds/linux@f9a61eb · GitHub
Issue Tracking
https://github.com/torvalds/linux/commit/82939d7999dfc1f1998c4b1c12e2f19edbdff272

ext4: convert to mbcache2 · torvalds/linux@82939d7 · GitHub
Vendor Advisory
https://usn.ubuntu.com/3582-2/

USN-3582-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://bugzilla.kernel.org/show_bug.cgi?id=107301

107301 – system hang during ext4 xattr operation
Issue Tracking;Third Party Advisory
https://github.com/torvalds/linux/commit/be0726d33cb8f411945884664924bed3cb8c70ee

ext2: convert to mbcache2 · torvalds/linux@be0726d · GitHub
Issue Tracking;Patch
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f9a61eb4e2471c56a63cd804c7474128138c38ac

kernel/git/torvalds/linux.git - Linux kernel source tree
Patch
https://usn.ubuntu.com/3582-1/

USN-3582-1: Linux kernel vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1360968

1360968 – (CVE-2015-8952) CVE-2015-8952 kernel: mbcache code subject to softlockup DOS in cache management
Issue Tracking;Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2015-8952

Products affected by CVE-2015-8952

Exploit prediction scoring system (EPSS) score for CVE-2015-8952

CVSS scores for CVE-2015-8952

CWE ids for CVE-2015-8952

References for CVE-2015-8952