CVE-2014-8171

CWE-399 CWE-8337 documents7 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 84.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Linux Redhat Enterprise MRG

Timeline

PublishedFeb 9

Latest updateMay 13

Description

The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianlinux< 3.12.6-1+3

▶NVDredhat/enterprise_mrg2.0

Also affects: Enterprise Linux 6.0, 7.0

🔴Vulnerability Details

GHSA

GHSA-fj89-88c3-v65v: The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes wi↗2022-05-13

▶

CVEList

CVE-2014-8171: The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes wi↗2018-02-09

▶

OSV

CVE-2014-8171: The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes wi↗2018-02-09

▶

📋Vendor Advisories

Red Hat

kernel: memcg: OOM handling DoS↗2015-04-21

▶

Debian

CVE-2014-8171: linux - The memory resource controller (aka memcg) in the Linux kernel allows local user...↗2014

▶

💬Community

Bugzilla

CVE-2014-8171 kernel: memcg: OOM handling DoS↗2015-03-03

▶