Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2014-7822

Published: 16/03/2015 Updated: 13/02/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Linux

Vulnerability Summary

The implementation of certain splice_write file operations in the Linux kernel prior to 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

Vendor Advisories

Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix multiple security issues and several bugsare now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having Important securityimpact ...
Red Hat: Moderate: kernel security and bug fix update
Synopsis Moderate: kernel security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated kernel packages that fix one security issue and several bugs arenow available for Red Hat Enterprise Linux 5Red Hat Product Security has rated this update as having Moderate securityimpact A Commo ...
Debian Security Advisories: DSA-3170-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation CVE-2013-7421 / CVE-2014-9644 It was discovered that the Crypto API allowed unprivileged users to load arbitrary kernel modules A local user can use this flaw to exploit vulnerabilities ...
Ubuntu Security Notice: linux-ti-omap4 vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-lts-trusty vulnerabilities
Several security issues were fixed in the kernel ...
Amazon Linux AMI: ALAS-2015-476
The Linux kernel through 3174 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a "negative groups ...
Red Hat: CVE-2014-7822
A flaw was found in the way the Linux kernel's splice() system call validated its parameters On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system ...

Exploits

Exploit DB: Linux Kernel 3.13/3.14 (Ubuntu) - 'splice()' System Call Local Denial of Service
/* ---------------------------------------------------------------------------------------------------- * cve-2014-7822_pocc * * The implementation of certain splice_write file operations in the Linux kernel before 316 does not enforce a restriction on the maximum size of a single file * which allows local users to cause a denial of service ...
Exploit DB: Linux splice_write Kernel Panic
The implementation of certain splice_write file operations in the Linux kernel before 316 does not enforce a restriction on the maximum size of a single file which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor as ...

References

CWE-264https://bugzilla.redhat.com/show_bug.cgi?id=1163792https://github.com/torvalds/linux/commit/8d0207652cbe27d1f962050737848e5ad4671958http://rhn.redhat.com/errata/RHSA-2015-0164.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0102.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0674.htmlhttp://www.debian.org/security/2015/dsa-3170http://rhn.redhat.com/errata/RHSA-2015-0694.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.htmlhttp://www.ubuntu.com/usn/USN-2543-1http://www.ubuntu.com/usn/USN-2541-1http://www.ubuntu.com/usn/USN-2544-1http://www.ubuntu.com/usn/USN-2542-1https://www.exploit-db.com/exploits/36743/http://www.osvdb.org/117810http://www.securityfocus.com/bid/72347http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.htmlhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0207652cbe27d1f962050737848e5ad4671958https://access.redhat.com/errata/RHSA-2015:0102https://nvd.nist.govhttps://usn.ubuntu.com/2542-1/https://www.exploit-db.com/exploits/36743/https://access.redhat.com/security/cve/cve-2014-7822https://www.debian.org/security/./dsa-3170
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook