A flaw was found in the Linux kernel when attempting to "punch a hole" in files existing on an ext4 filesystem. When punching holes into a file races with the page fault of the same area, it is possible that freed blocks remain referenced from page cache pages mapped to process' address space.
Find out more about CVE-2015-8839 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6.
This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7 and MRG-2 kernels.
| Base Score | 4.7 |
|---|---|
| Base Metrics | AV:L/AC:M/Au:N/C:N/I:C/A:N |
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | Complete |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 7 (kernel) | RHSA-2017:1842 | 2017-08-01 |
| Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt) | RHSA-2017:2669 | 2017-09-06 |
| Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) | RHSA-2017:2077 | 2017-08-01 |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected |
| Red Hat Enterprise Linux 5 | kernel | Not affected |
| Red Hat Enterprise Linux 4 | kernel | Not affected |
Vulmon