CVE-2014-7283 | Vulnerability Database | Aqua Security

The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or panic) via operations on directories that have hash collisions, as demonstrated by rmdir operations.

Affected Software

Name	Vendor	Start Version	End Version
Linux_kernel	Linux	*	3.14.2 (excluding)

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c88547a8119e3b581318ab65e9b72f27f23e641d
http://marc.info/?l=linux-xfs\u0026m=139590613002926\u0026w=2
http://rhn.redhat.com/errata/RHSA-2014-1943.html
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.2
http://www.openwall.com/lists/oss-security/2014/10/01/29
http://www.securityfocus.com/bid/70261
https://bugzilla.redhat.com/show_bug.cgi?id=1148777
https://github.com/torvalds/linux/commit/c88547a8119e3b581318ab65e9b72f27f23e641d

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-7283
CWE	https://cwe.mitre.org/data/definitions/399.html