{ "threat_severity" : "Moderate", "public_date" : "2014-10-02T00:00:00Z", "bugzilla" : { "description" : "kernel: xfs: directory hash ordering denial of service", "id" : "1148777", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1148777" }, "cvss" : { "cvss_base_score" : "4.9", "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:N/I:N/A:C", "status" : "verified" }, "details" : [ "The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or panic) via operations on directories that have hash collisions, as demonstrated by rmdir operations.", "A denial of service flaw was found in the way the Linux kernel's XFS file system implementation ordered directory hashes under certain conditions. A local attacker could use this flaw to corrupt the file system by creating directories with colliding hash values, potentially resulting in a system crash." ], "statement" : "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and 7.", "affected_release" : [ { "product_name" : "Red Hat Enterprise MRG 2", "release_date" : "2014-12-02T00:00:00Z", "advisory" : "RHSA-2014:1943", "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package" : "kernel-rt-0:3.10.58-rt62.58.el6rt" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-7283\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7283" ], "name" : "CVE-2014-7283", "csaw" : false }