PT-2016-3847 · Linux+2 · Linux Kernel+2

Martin Prpič

Publicado

2015-10-09

Atualizado

2016-11-28

CVE-2015-8019

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions 3.14.54 and 3.18.22

Description The issue is related to the skb copy and csum datagram iovec function in net/core/datagram.c, which does not accept a length argument. This allows local users to cause a denial of service, potentially resulting in memory corruption, via a write system call followed by a recvmsg system call.

Recommendations For Linux kernel version 3.14.54, update to a version that includes a fix for this issue. For Linux kernel version 3.18.22, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the skb copy and csum datagram iovec function until a patch is available.

Exploit

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2015-1849

CVE-2015-8019

SUSE-SU-2016:1961-1

SUSE-SU-2016:1994-1

SUSE-SU-2016:1995-1

SUSE-SU-2016:2005-1

SUSE-SU-2016:2009-1

Produtos afetados

Alt Linux

Linux Kernel

Suse

PT-2016-3847 · Linux+2 · Linux Kernel+2

CVE-2015-8019

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 136