5.1

CVE-2015-8839

Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 4.4.221
LinuxLinux Kernel Version4.5 Updaterc1
LinuxLinux Kernel Version4.5 Updaterc2
LinuxLinux Kernel Version4.5 Updaterc3
LinuxLinux Kernel Version4.5 Updaterc4
LinuxLinux Kernel Version4.5 Updaterc5
LinuxLinux Kernel Version4.5 Updaterc6
LinuxLinux Kernel Version4.5 Updaterc7
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.119
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 1.4 3.6
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:N/I:N/A:P
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://www.securityfocus.com/bid/85798
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1035455
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1323577
Third Party Advisory
Issue Tracking