Unrated severity · NVD Advisory · Published May 27, 2015 · Updated Jun 17, 2026
CVE-2014-9710
Description
The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit.
Affected products (17)
osv-coords, 15 versions:
- pkg:rpm/suse/kernel-bigmem&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS (no CPE) range: < 3.0.101-108.95.2
- pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA (no CPE) range: < 3.0.101-0.63.TDC.1
- pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS (no CPE) range: < 3.0.101-108.95.2
- pkg:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS (no CPE) range: < 3.0.101-108.95.2
- pkg:rpm/suse/kernel-pae&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS (no CPE) range: < 3.0.101-108.95.2
- pkg:rpm/suse/kernel-ppc64&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS (no CPE) range: < 3.0.101-108.95.2
- pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA (no CPE) range: < 3.0.101-0.63.TDC.1
- pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS (no CPE) range: < 3.0.101-108.95.1
- pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA (no CPE) range: < 3.0.101-0.63.TDC.1
- pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS (no CPE) range: < 3.0.101-108.95.1
- pkg:rpm/suse/kernel-trace&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA (no CPE) range: < 3.0.101-0.63.TDC.1
- pkg:rpm/suse/kernel-trace&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS (no CPE) range: < 3.0.101-108.95.2
- pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA (no CPE) range: < 3.0.101-0.63.TDC.1
- pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS (no CPE) range: < 3.0.101-108.95.2
- pkg:rpm/suse/kgraft-patch-SLE12_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012 (no CPE) range: < 3-2.1
References (7)
- github.com/torvalds/linux/commit/5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 (nvd: Patch)
- git.kernel.org (nvd: Broken Link, Vendor Advisory)
- lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html (nvd: Mailing List, Third Party Advisory)
- www.securitytracker.com/id/1032418 (nvd: Broken Link, Third Party Advisory, VDB Entry)
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Third Party Advisory)
- www.openwall.com/lists/oss-security/2015/03/24/11 (nvd: Mailing List)