PT-2015-3393 · Linux+5 · Linux Kernel+5

Cong Wang

+1

·

Publicado

2015-12-17

·

Atualizado

2024-06-15

·

CVE-2015-8543

CVSS v3.1

7.0

Alta

VetorAV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 4.3.3
Description The issue is related to the networking implementation in the Linux kernel, which does not properly validate protocol identifiers for certain protocol families. This can be exploited by local users to cause a denial of service, resulting in a system crash due to a NULL function pointer dereference. It is also possible for attackers to gain privileges by executing a crafted SOCK RAW application, leveraging CLONE NEWUSER support. The vulnerability may allow an attacker to access confidential data, compromise its integrity, and cause a denial of service.
Recommendations For Linux kernel versions through 4.3.3, update to a version newer than 4.3.3 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

Exploit

Correção

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2016-1018
ALT-PU-2016-1052
BDU:2021-01293
CESA-2016_0855
CESA-2016_2574
CVE-2015-8543
DLA-378-1
DSA-3426-1
DSA-3426-2
DSA-3434-1
MGASA-2016-0225
MGASA-2016-0232
MGASA-2016-0233
MGASA-2016-0281
OPENSUSE-SU-2016_0280-1
OPENSUSE-SU-2016_0301-1
OPENSUSE-SU-2016_0318-1
OPENSUSE-SU-2024:10069-1
RHSA-2016:0855
RHSA-2016:2574
RHSA-2016:2584
RHSA-2016_0855
RHSA-2016_2574
RHSA-2016_2584
SUSE-SU-2016:0168-1
SUSE-SU-2016:0585-1
SUSE-SU-2016:0911-1
SUSE-SU-2016:1102-1
SUSE-SU-2016:1203-1
SUSE-SU-2016:2074-1
USN-2886-1
USN-2886-2
USN-2888-1
USN-2890-1
USN-2890-2
USN-2890-3
USN-2907-1
USN-2907-2
USN-2910-1
USN-2910-2

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu