CVE-2014-8559

Published: Nov 10, 2014Modified: May 6, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.

Affected (13)

Products: Linux: Linux Kernel · Canonical: Ubuntu Linux · Novell: Suse Linux Enterprise Desktop, Suse Linux Enterprise Server · +3 more

Show all products

Linux: Linux Kernel · Canonical: Ubuntu Linux · Novell: Suse Linux Enterprise Desktop, Suse Linux Enterprise Server · Opensuse: Evergreen, Opensuse · Suse: Linux Enterprise Real Time Extension, Linux Enterprise Software Development Kit, Linux Enterprise Workstation Extension, Suse Linux Enterprise Server · Oracle: Linux

1 product

1 product

2 products

Suse Linux Enterprise Desktop

Suse Linux Enterprise Server

2 products

4 products

Linux Enterprise Real Time Extension

Linux Enterprise Software Development Kit

Linux Enterprise Workstation Extension

Suse Linux Enterprise Server

Oracle

1 product

Linux

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 3.17.2

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 14.10

Configuration C

8 vulnerable

Vulnerable Software	Affected Versions
Novell Suse Linux Enterprise Desktop	Version 12.0
Novell Suse Linux Enterprise Server	Version 12.0
Opensuse Evergreen	Version 11.4
Opensuse Opensuse	Version 13.1
Suse Linux Enterprise Real Time Extension	Version 11 sp3
Suse Linux Enterprise Software Development Kit	Version 12
Suse Linux Enterprise Workstation Extension	Version 12
Suse Suse Linux Enterprise Server	Version 11 sp2

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Linux	Version 7

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (62)

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1976.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1978.html

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/62801

Source: cve@mitre.org

Broken Link

http://www.debian.org/security/2015/dsa-3170

Source: cve@mitre.org

ExploitPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2014/10/30/7

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/70854

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1034051

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2492-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2493-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2515-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2516-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2517-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2518-1

Source: cve@mitre.org

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1159313

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=946e51f2bf37f1656916eb75bd0742ba33983c28

Source: cve@mitre.org

Mailing ListPatchVendor Advisory

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca5358ef75fc69fee5322a38a340f5739d997c10

Source: cve@mitre.org

Mailing ListPatchVendor Advisory

https://lkml.org/lkml/2014/10/25/171

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

https://lkml.org/lkml/2014/10/25/179

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

https://lkml.org/lkml/2014/10/25/180

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

https://lkml.org/lkml/2014/10/26/101

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lkml.org/lkml/2014/10/26/116

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

https://lkml.org/lkml/2014/10/26/128

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lkml.org/lkml/2014/10/26/129

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://support.f5.com/csp/article/K05211147

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html