medium
5.5
CWE
399
Advisory Published
CVE Published
Updated

CVE-2014-8171

First published: Tue Mar 03 2015(Updated: )

On a system with memory-constrained cgroups, it is possible for a non-root user to lock up the system by continuously spawning new processes within a cgroup which is already in an OOM event. Upstream patches: The deadlock was inherent in the original memcg OOM killer design, so the entire rewrite of that mechanism is required for the fix: <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id">http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id</a>= 759496ba6407c6994d6a5ce3a5e74937d7816208 3a13c4d761b4b979ba8767f42345fed3274991b0 519e52473ebe9db5cdef44670d5a97f1fd53d721 fb2a6fc56be66c169f8b80e07ed999ba453a2db2 3812c8c8f3953921ef18544110dafc3505c1ac62 4942642080ea82d99ab5b653abb9a12b7ba31f4a 84235de394d9775bfaa7fa9762a59d91fef0c1fc a0d8b00a3381f9d75764b3377590451cb0b4fe41 1f14c1ac19aa45118054b6d5425873c5c7fc23a1 3168ecbe1c04ec3feb7cb42388a17d7f047fe1a2

Credit: secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
Linux Kernel
Red Hat Enterprise Linux=6.0
Red Hat Enterprise Linux=7.0
Red Hat Enterprise MRG=2.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2014-8171?

    The severity of CVE-2014-8171 is classified as important due to its potential to cause system deadlocks.

  • How do I fix CVE-2014-8171?

    To fix CVE-2014-8171, apply the relevant patches provided in the updates for your Linux Kernel or affected distribution.

  • What systems are affected by CVE-2014-8171?

    CVE-2014-8171 affects Linux Kernel versions and specific versions of Red Hat Enterprise Linux, including 6.0, 7.0, and Red Hat Enterprise MRG 2.0.

  • Can non-root users exploit CVE-2014-8171?

    Yes, non-root users can exploit CVE-2014-8171 by continuously spawning processes in a memory-constrained cgroup.

  • What is the impact of CVE-2014-8171 on system performance?

    The impact of CVE-2014-8171 can lead to severe performance issues, including system unresponsiveness or crashing due to resource exhaustion.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203