Resource management error in Linux kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2014-7283 |
| CWE-ID | CWE-399 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Resource management error
EUVDB-ID: #VU41224
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-7283
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or panic) via operations on directories that have hash collisions, as demonstrated by rmdir operations.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 3.14.1
CPE2.3 External linkshttps://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c88547a8119e3b581318ab65e9b72f27f23e641d
https://marc.info/?l=linux-xfs&m=139590613002926&w=2
https://rhn.redhat.com/errata/RHSA-2014-1943.html
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.2
https://www.openwall.com/lists/oss-security/2014/10/01/29
https://www.securityfocus.com/bid/70261
https://bugzilla.redhat.com/show_bug.cgi?id=1148777
https://github.com/torvalds/linux/commit/c88547a8119e3b581318ab65e9b72f27f23e641d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
