CVE-2015-3636

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.0.3

Description The issue is related to the ping unhash function in the Linux kernel, which does not properly initialize a list data structure during an unhash operation. This can be exploited by local users to gain privileges or cause a denial of service, resulting in a use-after-free condition and potentially a system crash. The exploitation involves making a SOCK DGRAM socket system call for the IPPROTO ICMP or IPPROTO ICMPV6 protocol, followed by a connect system call after a disconnect.

Recommendations For Linux kernel versions prior to 4.0.3, update to version 4.0.3 or later to resolve the issue. As a temporary workaround, consider restricting the ability to make SOCK DGRAM socket system calls for the IPPROTO ICMP or IPPROTO ICMPV6 protocol to minimize the risk of exploitation.