#VU1020 Denial of service in Linux kernel - CVE-2015-8953
Published: October 17, 2016 / Updated: October 18, 2016
Vulnerability identifier: #VU1020
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-8953
CWE-ID: CWE-399
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a DoS attack on the target system.
The weakness is due to the use of an incorrect cleanup code path in fs/overlayfs/copy_up.c.
By performing filesystem operations on a large file in a lower overlayfs layer, attackers can trigger DoS conditions.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
Remediation
Update to version 4.2.6.