{
  "threat_severity" : "Moderate",
  "public_date" : "2015-04-21T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: memcg: OOM handling DoS",
    "id" : "1198109",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1198109"
  },
  "cvss" : {
    "cvss_base_score" : "5.7",
    "cvss_scoring_vector" : "AV:A/AC:M/Au:N/C:N/I:N/A:C",
    "status" : "verified"
  },
  "cwe" : "CWE-833",
  "details" : [ "The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.", "It was found that the Linux kernel memory resource controller's (memcg) handling of OOM (out of memory) conditions could lead to deadlocks. An attacker able to continuously spawn new processes within a single memory-constrained cgroup during an OOM event could use this flaw to lock up the system." ],
  "statement" : "This issue does not affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 5. This issue does affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future updates may address this issue in the respective releases.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-04-21T00:00:00Z",
    "advisory" : "RHSA-2015:0864",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-504.16.2.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-11-19T00:00:00Z",
    "advisory" : "RHSA-2015:2411",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-327.rt56.204.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-11-19T00:00:00Z",
    "advisory" : "RHSA-2015:2152",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-327.el7"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2016-01-26T00:00:00Z",
    "advisory" : "RHSA-2016:0068",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-1:3.10.0-327.rt56.170.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-8171\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8171" ],
  "name" : "CVE-2014-8171",
  "csaw" : false
}