Lucene search

[email protected]CVE-2014-9710

HistoryMay 27, 2015 - 10:59 a.m.

CVE-2014-9710

2015-05-2710:59:00

CWE-362

[email protected]

web.nvd.nist.gov

cve-2014-9710

btrfs

linux kernel

3.19

acl settings

xattr-replacement

race condition

nvd

7.6 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit.

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle3.18.8

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	3.18.8

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339

lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html

lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html

www.openwall.com/lists/oss-security/2015/03/24/11

www.securitytracker.com/id/1032418

bugzilla.redhat.com/show_bug.cgi?id=1205079

github.com/torvalds/linux/commit/5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339

7.6 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2014-9710

debiancve1 prion1 ubuntucve1 nessus9 ubuntu4 openvas6 oraclelinux3 securityvulns1 ibm1 suse2