Directory Hash Collision Vulnerability in Linux Kernel

Directory Hash Collision Vulnerability in Linux Kernel

CVE-2014-7283 · MEDIUM Severity

AV:L/AC:L/AU:N/C:N/I:N/A:C

The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or panic) via operations on directories that have hash collisions, as demonstrated by rmdir operations.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.