CVE-2015-8785

CWE-83517 documents8 sources

Severity

6.2MEDIUM

EPSS

0.1%

top 74.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Suse Linux Enterprise Real Time Extension

Timeline

PublishedFeb 8

Latest updateMay 13

Description

The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages3 packages

▶NVDlinux/linux_kernel< 4.4+1

▶Debianlinux< 4.3.5-1+3

▶NVDsuse/linux_enterprise_real_time_extension12

Patches

Patch: git.kernel.org ↗Patch: github.com ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-4wfp-r3v4-54hj: The fuse_fill_write_pages function in fs/fuse/file↗2022-05-13

▶

OSV

linux-lts-utopic vulnerabilities↗2016-02-22

▶

CVEList

CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file↗2016-02-08

▶

OSV

CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file↗2016-02-08

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2016-02-22

▶

Ubuntu

Linux kernel (Vivid HWE) vulnerabilities↗2016-02-22

▶

Ubuntu

Linux kernel (Raspberry Pi 2) vulnerabilities↗2016-02-22

▶

Ubuntu

Linux kernel (Utopic HWE) vulnerabilities↗2016-02-22

▶

Ubuntu

Linux kernel (Wily HWE) vulnerabilities↗2016-02-22

▶

💬Community

Bugzilla

CVE-2015-8785 kernel: fuse: possible denial of service in fuse_fill_write_pages()↗2015-12-11

▶