PT-2015-6155 · Linux+3 · Linux Kernel+3

Vasyl Kaigorodov

Publicado

2014-12-15

Atualizado

2016-04-11

CVE-2015-3332

CVSS v2.0

4.9

Média

Vetor

AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions 3.10.x through 3.16.x

Description The issue is related to a backport in the TCP Fast Open implementation for the Linux kernel. It does not properly maintain a count value, allowing local users to cause a denial of service, resulting in a system crash, via the Fast Open feature. This can be demonstrated by visiting the "chrome://flags/#enable-tcp-fast-open" URL when using certain kernel builds.

Recommendations For Linux kernel versions 3.10.x through 3.16.x, consider disabling the TCP Fast Open feature as a temporary workaround until a patch is available. Restrict access to the Fast Open feature to minimize the risk of exploitation.

Exploit

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

ALT-PU-2014-2452

ALT-PU-2015-1794

CVE-2015-3332

DSA-3237-1

MGASA-2015-0171

MGASA-2015-0172

MGASA-2015-0219

SUSE-SU-2015:1071-1

USN-2615-1

USN-2616-1

USN-2619-1

USN-2620-1

Produtos afetados

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2015-6155 · Linux+3 · Linux Kernel+3

CVE-2015-3332

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 478