PT-2015-5374 · Linux+5 · Linux Kernel+5

Hector Marco Gisbert

Published

2015-02-13

Updated

2019-11-05

CVE-2015-1593

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.19.1

Description The issue is related to the stack randomization feature in the Linux kernel, which uses incorrect data types for the results of bitwise left-shift operations. This makes it easier for attackers to bypass the Address Space Layout Randomization (ASLR) protection mechanism by predicting the address of the top of the stack. The problem is associated with the randomize stack top function in fs/binfmt elf.c and the stack maxrandom size function in arch/x86/mm/mmap.c.

Recommendations For Linux kernel versions prior to 3.19.1, update to version 3.19.1 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2015-1186

ALT-PU-2015-1794

CESA-2015_1137

CESA-2015_1221

CESA-2019_3517

CVE-2015-1593

DLA-155-1

DSA-3170-1

MGASA-2015-0171

MGASA-2015-0172

MGASA-2015-0219

OPENSUSE-SU-2015_0713-1

OPENSUSE-SU-2015_0714-1

RHSA-2015:1137

RHSA-2015:1138

RHSA-2015:1139

RHSA-2015:1221

RHSA-2015_1137

RHSA-2015_1139

RHSA-2015_1221

RHSA-2019:3517

RHSA-2019_3517

SUSE-RU-2015:0621-1

SUSE-SU-2015:0581-1

SUSE-SU-2015:0736-1

SUSE-SU-2015:1174-1

SUSE-SU-2015:1376-1

USN-2560-1

USN-2561-1

USN-2562-1

USN-2563-1

USN-2564-1

USN-2565-1

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2015-5374 · Linux+5 · Linux Kernel+5

CVE-2015-1593

Weakness Enumeration

Related Identifiers

Affected Products

References · 68