PT-2015-3393 · Linux+5 · Linux Kernel+5

Cong Wang

+1

·

Published

2015-12-17

·

Updated

2024-06-15

·

CVE-2015-8543

CVSS v3.1

7.0

High

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 4.3.3
Description The issue is related to the networking implementation in the Linux kernel, which does not properly validate protocol identifiers for certain protocol families. This can be exploited by local users to cause a denial of service, resulting in a system crash due to a NULL function pointer dereference. It is also possible for attackers to gain privileges by executing a crafted SOCK RAW application, leveraging CLONE NEWUSER support. The vulnerability may allow an attacker to access confidential data, compromise its integrity, and cause a denial of service.
Recommendations For Linux kernel versions through 4.3.3, update to a version newer than 4.3.3 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2016-1018
ALT-PU-2016-1052
BDU:2021-01293
CESA-2016_0855
CESA-2016_2574
CVE-2015-8543
DLA-378-1
DSA-3426-1
DSA-3426-2
DSA-3434-1
MGASA-2016-0225
MGASA-2016-0232
MGASA-2016-0233
MGASA-2016-0281
OPENSUSE-SU-2016_0280-1
OPENSUSE-SU-2016_0301-1
OPENSUSE-SU-2016_0318-1
OPENSUSE-SU-2024:10069-1
RHSA-2016:0855
RHSA-2016:2574
RHSA-2016:2584
RHSA-2016_0855
RHSA-2016_2574
RHSA-2016_2584
SUSE-SU-2016:0168-1
SUSE-SU-2016:0585-1
SUSE-SU-2016:0911-1
SUSE-SU-2016:1102-1
SUSE-SU-2016:1203-1
SUSE-SU-2016:2074-1
USN-2886-1
USN-2886-2
USN-2888-1
USN-2890-1
USN-2890-2
USN-2890-3
USN-2907-1
USN-2907-2
USN-2910-1
USN-2910-2

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu