cbcvebase.
CVE-2014-7822
published 2015-03-16

CVE-2014-7822: The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file…

PriorityP430high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
1.18%
63.7th percentile
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.

Affected

7 ranges
VendorProductVersion rangeFixed in
debianlinux< linux 3.16.2-1 (bookworm)linux 3.16.2-1 (bookworm)
linuxlinux_kernel<= 3.15.8
linuxlinux_kernel>= 0 < 3.16.2-13.16.2-1
linuxlinux_kernel>= 0 < 3.16.2-13.16.2-1
linuxlinux_kernel>= 0 < 3.16.2-13.16.2-1
linuxlinux_kernel>= 0 < 3.16.2-13.16.2-1
linuxlinux_kernel>= 0 < 3.13.0-48.803.13.0-48.80

CVSS provenance

nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.2HIGH
vendor_debian7.2HIGH
vendor_redhat7.2HIGH
vendor_ubuntu7.2HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.