CVE-2014-7822
Published: 2015-03-16
Priority: P4 · 30 · high
CVSS 2.0: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 1.18% (63.7th percentile)
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 3.16.2-1 (bookworm) | linux 3.16.2-1 (bookworm) |
| linux | linux_kernel | <= 3.15.8 | — |
| linux | linux_kernel | >= 0 < 3.16.2-1 | 3.16.2-1 |
| linux | linux_kernel | >= 0 < 3.16.2-1 | 3.16.2-1 |
| linux | linux_kernel | >= 0 < 3.16.2-1 | 3.16.2-1 |
| linux | linux_kernel | >= 0 < 3.16.2-1 | 3.16.2-1 |
| linux | linux_kernel | >= 0 < 3.13.0-48.80 | 3.13.0-48.80 |
CVSS provenance
nvd · v2.0 · 7.2 HIGH · AV:L/AC:L/Au:N/C:C/I:C/A:C
osv · 7.2 HIGH
vendor_debian · 7.2 HIGH
vendor_redhat · 7.2 HIGH
vendor_ubuntu · 7.2 HIGH
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2015-03-24·CVSS 2.1
CVE-2013-7421 [LOW] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Eric Windisch discovered a flaw in how the Linux kernel's XFS file system
replaces remote attributes. A local user with access to an XFS file
system could exploit this flaw to escalate their privileges.
(CVE-2015-0274)
A flaw was discovered in the automatic loading of modules in the crypto
subsystem of the Linux kernel. A local user could exploit this flaw to load
installed kernel modules, increasing the attack surface and potentially
using this to gain administrative privileges. (CVE-2013-7421)
The Linux kernel's splice system call did not correctly validate its
parameters. A local, unprivileged user could exploit this flaw to cause a
denial of service (system crash). (CVE-2014-7822)
A flaw
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities
vendor_ubuntu·2015-03-24·CVSS 2.1
CVE-2013-7421 [LOW] Linux kernel (Trusty HWE) vulnerabilities
Title: Linux kernel (Trusty HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Eric Windisch discovered a flaw in how the Linux kernel's XFS file system
replaces remote attributes. A local user with access to an XFS file
system could exploit this flaw to escalate their privileges.
(CVE-2015-0274)
A flaw was discovered in the automatic loading of modules in the crypto
subsystem of the Linux kernel. A local user could exploit this flaw to load
installed kernel modules, increasing the attack surface and potentially
using this to gain administrative privileges. (CVE-2013-7421)
The Linux kernel's splice system call did not correctly validate its
parameters. A local, unprivileged user could exploit this flaw to cause a
denial of service (system crash). (CVE-2014-
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu·2015-03-24·CVSS 7.2
CVE-2014-7822 [HIGH] Linux kernel (OMAP4) vulnerabilities
Title: Linux kernel (OMAP4) vulnerabilities
Summary: Several security issues were fixed in the kernel.
The Linux kernel's splice system call did not correctly validate its
parameters. A local, unprivileged user could exploit this flaw to cause a
denial of service (system crash). (CVE-2014-7822)
A flaw was discovered in how Thread Local Storage (TLS) is handled by the
task switching function in the Linux kernel for x86_64 based machines. A
local user could exploit this flaw to bypass the Address Space Layout
Randomization (ASLR) protection mechanism. (CVE-2014-9419)
Dmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file
name decoding. A local unprivileged user could exploit this flaw to cause a
denial of service (system crash) or potentially gain administrative
privil
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2015-03-24·CVSS 7.2
CVE-2014-7822 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
The Linux kernel's splice system call did not correctly validate its
parameters. A local, unprivileged user could exploit this flaw to cause a
denial of service (system crash). (CVE-2014-7822)
A flaw was discovered in how Thread Local Storage (TLS) is handled by the
task switching function in the Linux kernel for x86_64 based machines. A
local user could exploit this flaw to bypass the Address Space Layout
Randomization (ASLR) protection mechanism. (CVE-2014-9419)
Dmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file
name decoding. A local unprivileged user could exploit this flaw to cause a
denial of service (system crash) or potentially gain administrative
privileges. (C
Red Hat
kernel: splice: lack of generic write checks
vendor_redhat·2015-01-28·CVSS 7.2
CVE-2014-7822 [HIGH] kernel: splice: lack of generic write checks
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.
A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system.
Statement: This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2
Debian
CVE-2014-7822: linux - The implementation of certain splice_write file operations in the Linux kernel b...
vendor_debian·2014·CVSS 7.2
CVE-2014-7822 [HIGH] CVE-2014-7822: linux - The implementation of certain splice_write file operations in the Linux kernel b...
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.
Scope: local
bookworm: resolved (fixed in 3.16.2-1)
bullseye: resolved (fixed in 3.16.2-1)
forky: resolved (fixed in 3.16.2-1)
sid: resolved (fixed in 3.16.2-1)
trixie: resolved (fixed in 3.16.2-1)
GHSA
GHSA-wjhv-8fw8-jxw2: The implementation of certain splice_write file operations in the Linux kernel before 3
ghsa_unreviewed·2022-05-17
CVE-2014-7822 [HIGH] GHSA-wjhv-8fw8-jxw2: The implementation of certain splice_write file operations in the Linux kernel before 3
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.
OSV
linux vulnerabilities
osv·2015-03-24·CVSS 2.1
CVE-2015-0274 [LOW] linux vulnerabilities
Eric Windisch discovered a flaw in how the Linux kernel's XFS file system
replaces remote attributes. A local user with access to an XFS file
system could exploit this flaw to escalate their privileges.
(CVE-2015-0274)
A flaw was discovered in the automatic loading of modules in the crypto
subsystem of the Linux kernel. A local user could exploit this flaw to load
installed kernel modules, increasing the attack surface and potentially
using this to gain administrative privileges. (CVE-2013-7421)
The Linux kernel's splice system call did not correctly validate its
parameters. A local, unprivileged user could exploit this flaw to cause a
denial of service (system crash). (CVE-2014-7822)
A flaw was discovered in the crypto subsystem when screening module names
for au
OSV
CVE-2014-7822: The implementation of certain splice_write file operations in the Linux kernel before 3
osv·2015-03-16·CVSS 7.2
CVE-2014-7822 [HIGH] CVE-2014-7822: The implementation of certain splice_write file operations in the Linux kernel before 3
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.
No detection rules found.
Bugzilla
CVE-2014-7822 kernel: splice: lack of generic write checks
bugzilla·2014-11-13·CVSS 7.2
CVE-2014-7822 [HIGH] CVE-2014-7822 kernel: splice: lack of generic write checks
It was found that there are no size checks in the splice IO path, so it's
possible to send a write past s_maxbytes to a filesystem. For ext4, at
least, this ends badly, with a BUG_ON.
A local unprivileged user could use this flaw to crash the system.
Acknowledgements:
Red Hat would like to thank Akira Fujita of NEC for reporting this issue.
Upstream patches:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d0207652cbe27d1f962050737848e5ad4671958
(this patch rearranges splice with a side effect of invoking
generic_write_checks() along the way)
Discussion:
Statement:
This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Futu
Bugzilla
CVE-2014-3691 foreman-proxy: failure to verify SSL certificates
bugzilla·2014-10-09·CVSS 7.5
CVE-2014-3691 [HIGH] CVE-2014-3691 foreman-proxy: failure to verify SSL certificates
It was discovered that Foreman Smart Proxy failed to verify SSL certificates. As noted in the upstream bug, "This permits any client with access to the API to make requests and perform actions (permitting control of Puppet CA, DHCP, DNS etc.)".
A mitigation is available from the following:
https://groups.google.com/forum/#!topic/foreman-announce/jXC5ixybjqo
References:
http://projects.theforeman.org/issues/7822
Discussion:
This issue has been addressed in the following products:
OpenStack 4 for RHEL 6
Via RHSA-2015:0288 https://rhn.redhat.com/errata/RHSA-2015-0288.html
---
This issue has been addressed in the following products:
OpenStack Foreman for RHEL 6
Via RHSA-2015:0287 https://rhn.redhat.com/errata/RHSA-201
References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0207652cbe27d1f962050737848e5ad4671958
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html
http://rhn.redhat.com/errata/RHSA-2015-0102.html
http://rhn.redhat.com/errata/RHSA-2015-0164.html
http://rhn.redhat.com/errata/RHSA-2015-0674.html
http://rhn.redhat.com/errata/RHSA-2015-0694.html
http://www.debian.org/security/2015/dsa-3170
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.osvdb.org/117810
http://www.securityfocus.com/bid/72347
http://www.ubuntu.com/usn/USN-2541-1
http://www.ubuntu.com/usn/USN-2542-1
http://www.ubuntu.com/usn/USN-2543-1
http://www.ubuntu.com/usn/USN-2544-1
https://bugzilla.redhat.com/show_bug.cgi?id=1163792
https://github.com/torvalds/linux/commit/8d0207652cbe27d1f962050737848e5ad4671958
https://www.exploit-db.com/exploits/36743/
Published: 2015-03-16