CVE-2014-8559

Summary

CVE	CVE-2014-8559
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2014-11-10 11:55:00 UTC
Updated	2020-08-13 17:42:00 UTC
Description	The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.

Risk And Classification

Problem Types: CWE-400

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	12.04	All	All	All
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	14.10	All	All	All
Operating System	Canonical	Ubuntu Linux	12.04	All	All	All
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	14.10	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Novell	Suse Linux Enterprise Desktop	12.0	All	All	All
Operating System	Novell	Suse Linux Enterprise Desktop	12.0	All	All	All
Operating System	Novell	Suse Linux Enterprise Server	12.0	All	All	All
Operating System	Novell	Suse Linux Enterprise Server	12.0	All	All	All
Operating System	Opensuse	Evergreen	11.4	All	All	All
Operating System	Opensuse	Evergreen	11.4	All	All	All
Operating System	Opensuse	Opensuse	13.1	All	All	All
Operating System	Opensuse	Opensuse	13.1	All	All	All
Operating System	Oracle	Linux	7	-	All	All
Operating System	Oracle	Linux	7	-	All	All
Operating System	Suse	Linux Enterprise Real Time Extension	11	sp3	All	All
Operating System	Suse	Linux Enterprise Real Time Extension	11	sp3	All	All
Operating System	Suse	Linux Enterprise Software Development Kit	12	-	All	All
Operating System	Suse	Linux Enterprise Software Development Kit	12	-	All	All
Operating System	Suse	Linux Enterprise Workstation Extension	12	All	All	All
Operating System	Suse	Linux Enterprise Workstation Extension	12	All	All	All
Operating System	Suse	Suse Linux Enterprise Server	11	sp2	All	All
Operating System	Suse	Suse Linux Enterprise Server	11	sp2	All	All

References

Reference	Source	Link	Tags
LKML: Al Viro: Re: fs: lockup on rename_mutex in fs/dcache.c:1035	MLIST	lkml.org	Mailing List, Patch, Third Party Advisory
Red Hat Customer Portal	REDHAT	rhn.redhat.com	Third Party Advisory
kernel/git/torvalds/linux.git - Linux kernel source tree	CONFIRM	git.kernel.org	Mailing List, Patch, Vendor Advisory
support.f5.com/csp/article/K05211147	CONFIRM	support.f5.com	Third Party Advisory
Red Hat Customer Portal	REDHAT	rhn.redhat.com	Third Party Advisory
[security-announce] SUSE-SU-2015:0529-1: important: Security update for	SUSE	lists.opensuse.org	Mailing List, Third Party Advisory
[security-announce] openSUSE-SU-2015:0714-1: important: Security update	SUSE	lists.opensuse.org	Mailing List, Third Party Advisory
Linux Kernel VFS Deadlock Lets Local Users Cause Denial of Service Conditions on the Target System - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
LKML: Al Viro: Re: fs: lockup on rename_mutex in fs/dcache.c:1035	MLIST	lkml.org	Mailing List, Third Party Advisory
USN-2517-1: Linux kernel (Utopic HWE) vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com	Third Party Advisory
kernel/git/torvalds/linux.git - Linux kernel source tree	CONFIRM	git.kernel.org	Mailing List, Patch, Vendor Advisory
About Secunia Research \| Flexera	SECUNIA	secunia.com	Broken Link
LKML: Al Viro: Re: fs: lockup on rename_mutex in fs/dcache.c:1035	MLIST	lkml.org	Exploit, Mailing List, Third Party Advisory
LKML: Al Viro: Re: fs: lockup on rename_mutex in fs/dcache.c:1035	MLIST	lkml.org	Mailing List, Patch, Third Party Advisory
USN-2516-1: Linux kernel vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com	Third Party Advisory
LKML: Al Viro: Re: fs: lockup on rename_mutex in fs/dcache.c:1035	MLIST	lkml.org	Mailing List, Third Party Advisory
[security-announce] SUSE-SU-2015:0736-1: important: Security update for	SUSE	lists.opensuse.org	Mailing List, Third Party Advisory
USN-2492-1: Linux kernel vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com	Third Party Advisory
LKML: Sasha Levin: fs: lockup on rename_mutex in fs/dcache.c:1035	MLIST	lkml.org	Exploit, Mailing List, Third Party Advisory
USN-2515-1: Linux kernel (Trusty HWE) vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com	Third Party Advisory
[security-announce] SUSE-SU-2015:0178-1: important: Security update for	SUSE	lists.opensuse.org	Mailing List, Third Party Advisory
[security-announce] openSUSE-SU-2015:0566-1: important: kernel update fo	SUSE	lists.opensuse.org	Mailing List, Third Party Advisory
Debian -- Security Information -- DSA-3170-1 linux	DEBIAN	www.debian.org	Exploit, Patch, Third Party Advisory
Oracle Linux Bulletin - October 2015	CONFIRM	www.oracle.com	Third Party Advisory
Bug 1159313 – CVE-2014-8559 Kernel: fs: deadlock due to incorrect usage of rename_lock	CONFIRM	bugzilla.redhat.com	Issue Tracking, Patch, Third Party Advisory
[security-announce] SUSE-SU-2015:0481-1: important: Security update for	SUSE	lists.opensuse.org	Mailing List, Third Party Advisory
USN-2518-1: Linux kernel vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com	Third Party Advisory
oss-security - CVE-2014-8559 - Linux kernel fs/dcache.c incorrect use of rename_lock	MLIST	www.openwall.com	Mailing List, Third Party Advisory
Linux Kernel CVE-2014-8559 Local Denial of Service Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
USN-2493-1: Linux kernel (OMAP4) vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com	Third Party Advisory
LKML: Linus Torvalds: Re: fs: lockup on rename_mutex in fs/dcache.c:1035	MLIST	lkml.org	Mailing List, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.