ID CVE-2015-5697
Summary The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.
References
Vulnerable Configurations
  • Linux Kernel 4.1.5
    cpe:2.3:o:linux:linux_kernel:4.1.5
CVSS
Base: 2.1 (as of 31-08-2015 - 09:17)
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of JavaScript to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser, including the browser version, to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero-day weaknesses in the type and version of the browser used by the victim. Automating this process via JavaScript as a part of the same delivery system used to exploit the browser is considered more efficient, as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in JavaScript and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session IDs in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of a valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the slash characters. An attacker would try to exploit common filtering problems related to the use of the slash characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) chose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-3066.NASL
    description Description of changes: kernel-uek [3.8.13-98.1.1.el7uek] - md: use kzalloc() when bitmap is disabled (Benjamin Randazzo) [Orabug: 21563041] {CVE-2015-5697}
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 85261
    published 2015-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85261
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3066)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-13396.NASL
    description The 4.1.5 update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 85556
    published 2015-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85556
    title Fedora 22 : kernel-4.1.5-200.fc22 (2015-13396)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2752-1.NASL
    description Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. (CVE-2015-5697) Marc-Andre Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). (CVE-2015-6252). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 86207
    published 2015-09-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86207
    title Ubuntu 15.04 : linux vulnerabilities (USN-2752-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-3067.NASL
    description Description of changes: [2.6.39-400.250.10.el5uek] - md: use kzalloc() when bitmap is disabled (Benjamin Randazzo) [Orabug: 21563042] {CVE-2015-5697} - netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len (Andrey Vagin) [Orabug: 21562780] {CVE-2014-9715}
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 85262
    published 2015-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85262
    title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3067)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-3068.NASL
    description Description of changes: kernel-uek [2.6.32-400.37.10.el5uek] - md: use kzalloc() when bitmap is disabled (Benjamin Randazzo) [Orabug: 21563043] {CVE-2015-5697} - netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len (Andrey Vagin) [Orabug: 21562781] {CVE-2014-9715}
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 85263
    published 2015-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85263
    title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3068)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2749-1.NASL
    description Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. (CVE-2015-5697) Marc-Andre Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). (CVE-2015-6252). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 86204
    published 2015-09-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86204
    title Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2749-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2748-1.NASL
    description Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. (CVE-2015-5697) Marc-Andre Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). (CVE-2015-6252). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 86190
    published 2015-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86190
    title Ubuntu 14.04 LTS : linux vulnerabilities (USN-2748-1)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0037.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2016-0037 for details.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 90019
    published 2016-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90019
    title OracleVM 3.2 : kernel-uek (OVMSA-2016-0037)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0113.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - md: use kzalloc when bitmap is disabled (Benjamin Randazzo) [Orabug: 21563041] (CVE-2015-5697)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 85340
    published 2015-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85340
    title OracleVM 3.3 : kernel-uek (OVMSA-2015-0113)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-310.NASL
    description This update fixes the CVEs described below. CVE-2015-0272 It was discovered that NetworkManager would set IPv6 MTUs based on the values received in IPv6 RAs (Router Advertisements), without sufficiently validating these values. A remote attacker could exploit this attack to disable IPv6 connectivity. This has been mitigated by adding validation in the kernel. CVE-2015-5156 Jason Wang discovered that when a virtio_net device is connected to a bridge in the same VM, a series of TCP packets forwarded through the bridge may cause a heap buffer overflow. A remote attacker could use this to cause a denial of service (crash) or possibly for privilege escalation. CVE-2015-5364 It was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. CVE-2015-5366 It was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker can cause a denial of service against applications that use epoll by injecting a single packet with an invalid checksum. CVE-2015-5697 A flaw was discovered in the md driver in the Linux kernel leading to an information leak. CVE-2015-5707 An integer overflow in the SCSI generic driver in the Linux kernel was discovered. A local user with write permission on a SCSI generic device could potentially exploit this flaw for privilege escalation. CVE-2015-6937 It was found that the Reliable Datagram Sockets (RDS) protocol implementation did not verify that an underlying transport exists when creating a connection. Depending on how a local RDS application initialised its sockets, a remote attacker might be able to cause a denial of service (crash) by sending a crafted packet. For the oldoldstable distribution (squeeze), these problems have been fixed in version 2.6.32-48squeeze14. For the oldstable distribution (wheezy), these problems have been fixed in version 3.2.68-1+deb7u4 or earlier. For the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt11-1+deb8u4 or earlier. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 86049
    published 2015-09-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86049
    title Debian DLA-310-1 : linux-2.6 security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-12908.NASL
    description Update to latest upstream stable release, Linux v4.1.4. Fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 85363
    published 2015-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85363
    title Fedora 22 : kernel-4.1.4-200.fc22 (2015-12908)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-13391.NASL
    description The 4.1.5 update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 85555
    published 2015-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85555
    title Fedora 21 : kernel-4.1.5-100.fc21 (2015-13391)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1727-1.NASL
    description The SUSE Linux Enterprise 12 kernel was updated to 3.12.48-52.27 to receive various security and bug fixes. The following security bugs were fixed: - CVE-2015-7613: A flaw was found in the Linux kernel IPC code that could lead to arbitrary code execution. The ipc_addid() function initialized a shared object that has unset uid/gid values. Since the fields are not initialized, the check can falsely succeed. (bsc#948536) - CVE-2015-5156: When a guest's KVM network device is in a bridge configuration, the kernel can create a situation in which packets are fragmented in an unexpected fashion. The GRO functionality can create a situation in which multiple SKBs are chained together in a single packet's fraglist (by design). (bsc#940776) - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI (bsc#938706). - CVE-2015-6252: A flaw was found in the way the Linux kernel's vhost driver treated the userspace-provided log file descriptor when processing the VHOST_SET_LOG_FD ioctl command. The file descriptor was never released and continued to consume kernel memory. A privileged local user with access to the /dev/vhost-net files could use this flaw to create a denial-of-service attack (bsc#942367). - CVE-2015-5697: The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call. (bnc#939994) - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#945825) - CVE-2015-5283: A NULL pointer dereference flaw was found in the SCTP implementation allowing a local user to cause system DoS. Creation of multiple sockets in parallel when the system doesn't have the SCTP module loaded can lead to a kernel panic. (bsc#947155) The update package also includes non-security fixes. See the advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 86378
    published 2015-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86378
    title SUSE SLED12 / SLES12 Security Update : kernel-source (SUSE-SU-2015:1727-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2777-1.NASL
    description It was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service (system crash) or possibly execute code with administrative privileges. (CVE-2015-5156) Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. (CVE-2015-5697) Marc-Andre Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). (CVE-2015-6252) It was discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel did not verify sockets were properly bound before attempting to send a message, which could cause a NULL pointer dereference. An attacker could use this to cause a denial of service (system crash). (CVE-2015-6937) Ben Hutchings discovered that the Advanced Union Filesystem (aufs) for the Linux kernel did not correctly handle references of memory mapped files from an aufs mount. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2015-7312). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 86468
    published 2015-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86468
    title Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2777-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2751-1.NASL
    description Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. (CVE-2015-5697) Marc-Andre Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). (CVE-2015-6252). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 86206
    published 2015-09-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86206
    title Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2751-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3329.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. - CVE-2015-1333 Colin Ian King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user can exploit this flaw to cause a denial of service due to memory exhaustion. - CVE-2015-3212 Ji Jianwen of Red Hat Engineering discovered a flaw in the handling of SCTP's automatic handling of dynamic multi-homed connections. A local attacker could use this flaw to cause a crash or potentially for privilege escalation. - CVE-2015-4692 A NULL pointer dereference flaw was found in the kvm_apic_has_events function in the KVM subsystem. An unprivileged local user could exploit this flaw to crash the system kernel, resulting in denial of service. - CVE-2015-4700 Daniel Borkmann discovered a flaw in the Linux kernel implementation of the Berkeley Packet Filter which can be used by a local user to crash the system. - CVE-2015-5364 It was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. - CVE-2015-5366 It was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker can cause a denial of service against applications that use epoll by injecting a single packet with an invalid checksum. - CVE-2015-5697 A flaw was discovered in the md driver in the Linux kernel leading to an information leak. - CVE-2015-5706 A user-triggerable use-after-free vulnerability in path lookup in the Linux kernel could potentially lead to privilege escalation. - CVE-2015-5707 An integer overflow in the SCSI generic driver in the Linux kernel was discovered. A local user with write permission on a SCSI generic device could potentially exploit this flaw for privilege escalation.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85281
    published 2015-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85281
    title Debian DSA-3329-1 : linux - security update
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0147.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0147 for details.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 86882
    published 2015-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86882
    title OracleVM 3.3 : kernel-uek (OVMSA-2015-0147)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-3098.NASL
    description The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen 2019-02-21
    modified 2016-11-14
    plugin id 86881
    published 2015-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86881
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3098)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0057.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 99163
    published 2017-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99163
    title OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-12917.NASL
    description Update to latest upstream stable release, Linux v4.1.4. Fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 85364
    published 2015-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85364
    title Fedora 21 : kernel-4.1.4-100.fc21 (2015-12917)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2731-1.NASL
    description Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 85799
    published 2015-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85799
    title Ubuntu 12.04 LTS : linux vulnerability (USN-2731-1)
refmap via4
bid 76066
confirm
debian DSA-3329
fedora
  • FEDORA-2015-12908
  • FEDORA-2015-12917
  • FEDORA-2015-13391
  • FEDORA-2015-13396
mlist [oss-security] 20150728 CVE request: Linux kernel - information leak in md driver
sectrack 1033211
suse SUSE-SU-2015:1727
ubuntu
  • USN-2731-1
  • USN-2732-1
  • USN-2748-1
  • USN-2749-1
  • USN-2751-1
  • USN-2752-1
  • USN-2777-1
Last major update 21-12-2016 - 22:00
Published 31-08-2015 - 06:59
Last modified 20-09-2017 - 21:29