Key Information Vulnerability Overview Vulnerability ID: Bug 1384851 (CVE-2016-8666) Description: In Linux kernel 4.4 and later versions, a page lock ordering bug exists in the XFS subsystem. This can be exploited by local users via certain functions in the group to launch a Denial-of-Service (DoS) attack, causing to fail and the system to hang. Affected Versions and Platforms Affected Linux Versions: 4.4 and higher Platforms: Linux systems, particularly environments using the XFS filesystem Example Affected Environments: XFS filesystems running in Docker containers with overlay2 or devicemapper (LVM thin pool as storage driver). Initial Submission and Status Reporter: Andrej Nemec Report Date: 2016-10-14 09:30:19 UTC Last Closed Date: 2016-11-02 17:50:24 UTC Current Status: CLOSED NOTABUG Severity and Priority Severity: Low Priority: Low Resolution Status The vulnerability was previously discussed and reported in the open-source community [1], but as of the last update on this page (2018-02-26), no official fix had been integrated into the mainline upstream code by developers. Related Patches and References Mentioned fix commit: fc0561cef (reverted) [2] References/Update Discussions: - http://seclists.org/oss-sec/2016/q4/118 - http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fc0561cef - http://www.spinics.net/lists/linux-xfs/msg01365.html - http://www.spinics.net/lists/linux-xfs/msg01372.html