medium
5.1
CWE
362
Advisory Published
CVE Published
Updated

CVE-2015-8839: Race Condition

First published: Mon Apr 04 2016(Updated: )

A flaw was found in the Linux kernel when attempting to "punch a hole" in files existing on an ext4 filesystem. When punching holes into a file races with the page fault of the same area, it is possible that freed blocks remain referenced from page cache pages mapped to process' address space. Thus modification of these blocks can corrupt data someone else is now storing in those blocks when at some point those pages are written to disk. Upstream fixes: <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea3d7209ca01da209cda6f0dea8be9cc4b7a933b">http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea3d7209ca01da209cda6f0dea8be9cc4b7a933b</a> <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=17048e8a083fec7ad841d88ef0812707fbc7e39f">http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=17048e8a083fec7ad841d88ef0812707fbc7e39f</a> <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=32ebffd3bbb4162da5ff88f9a35dd32d0a28ea70">http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=32ebffd3bbb4162da5ff88f9a35dd32d0a28ea70</a> <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=011278485ecc3cd2a3954b5d4c73101d919bf1fa">http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=011278485ecc3cd2a3954b5d4c73101d919bf1fa</a> References: <a href="http://seclists.org/oss-sec/2016/q2/1">http://seclists.org/oss-sec/2016/q2/1</a>

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Linux kernel<=4.4.221
Linux kernel=4.5-rc1
Linux kernel=4.5-rc2
Linux kernel=4.5-rc3
Linux kernel=4.5-rc4
Linux kernel=4.5-rc5
Linux kernel=4.5-rc6
Linux kernel=4.5-rc7
Ubuntu Linux=14.04
Ubuntu Linux=16.04
Linux Kernel<=4.4.221
Linux Kernel=4.5-rc1
Linux Kernel=4.5-rc2
Linux Kernel=4.5-rc3
Linux Kernel=4.5-rc4
Linux Kernel=4.5-rc5
Linux Kernel=4.5-rc6
Linux Kernel=4.5-rc7
Ubuntu=14.04
Ubuntu=16.04
debian/linux
5.10.223-1
5.10.234-1
6.1.129-1
6.1.135-1
6.12.22-1
6.12.25-1

Remedy

https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Remedy

https://git.kernel.org/linus/ea3d7209ca01da209cda6f0dea8be9cc4b7a933b

Remedy

https://git.kernel.org/linus/17048e8a083fec7ad841d88ef0812707fbc7e39f

Remedy

https://git.kernel.org/linus/32ebffd3bbb4162da5ff88f9a35dd32d0a28ea70

Remedy

https://git.kernel.org/linus/011278485ecc3cd2a3954b5d4c73101d919bf1fa

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2015-8839?

    CVE-2015-8839 is a vulnerability in the ext4 filesystem implementation in the Linux kernel before version 4.5 that allows local users to cause a denial of service (disk corruption).

  • How severe is CVE-2015-8839?

    CVE-2015-8839 has a severity level of medium.

  • Which software is affected by CVE-2015-8839?

    The affected software includes Linux kernel versions before 4.5.

  • How can I fix CVE-2015-8839?

    To fix CVE-2015-8839, you should update your Linux kernel to version 4.5 or higher.

  • Where can I find more information about CVE-2015-8839?

    You can find more information about CVE-2015-8839 on the following links: - [Link 1](http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea3d7209ca01da209cda6f0dea8be9cc4b7a933b) - [Link 2](http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=17048e8a083fec7ad841d88ef0812707fbc7e39f) - [Link 3](http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=32ebffd3bbb4162da5ff88f9a35dd32d0a28ea70)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203