Metric | Value |
---|---|
CVSS2 score | 4.9 Medium |
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |
CVSS2 vector | AV:L/AC:L/Au:N/C:N/I:N/A:C |
EPSS score | 0.0004 Low |
EPSS percentile | 9.0% |

The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs
implementation in the Linux kernel before 3.14.2 does not properly compare
btree hash values, which allows local users to cause a denial of service
(filesystem corruption, and OOPS or panic) via operations on directories
that have hash collisions, as demonstrated by rmdir operations.

Author | Note |
---|---|
jdstrand | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels<br>linux-lts-saucy no longer receives official support<br>linux-lts-quantal no longer receives official support<br>per Debian, introduced in 3.10<br>reproducer: http://oss.sgi.com/cgi-bin/gitweb.cgi?p=xfs/cmds/xfstests.git;a=commitdiff;h=947ee8bd4b59770534297572b14c695e9c6e001e<br>per apw, this was fixed in passing in 3.13.0-39.66~precise1, part of https://ubuntu.com/security/notices/USN-2394-1, but not documented in the changelog or the USN. |

marc.info/?l=linux-xfs&m=139590613002926&w=2
launchpad.net/bugs/cve/CVE-2014-7283
nvd.nist.gov/vuln/detail/CVE-2014-7283
security-tracker.debian.org/tracker/CVE-2014-7283
ubuntu.com/security/notices/USN-2226-1
ubuntu.com/security/notices/USN-2239-1
ubuntu.com/security/notices/USN-2260-1
ubuntu.com/security/notices/USN-2394-1
www.cve.org/CVERecord?id=CVE-2014-7283