Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2016-AVI-103
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans le noyau Linux de Suse. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
Vendor | Product | Description | ||
---|---|---|---|---|
SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12 | ||
SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12 | ||
SUSE | N/A | SUSE Linux Enterprise Module for Public Cloud 12 | ||
SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 12 | ||
SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12 | ||
SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12 |
References
Title | Publication Time | Tags | |
---|---|---|---|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "SUSE Linux Enterprise Workstation Extension 12", "product": { "name": "N/A", "vendor": { "name": "SUSE", "scada": false } } }, { "description": "SUSE Linux Enterprise Live Patching 12", "product": { "name": "SUSE Linux Enterprise Live Patching", "vendor": { "name": "SUSE", "scada": false } } }, { "description": "SUSE Linux Enterprise Module for Public Cloud 12", "product": { "name": "N/A", "vendor": { "name": "SUSE", "scada": false } } }, { "description": "SUSE Linux Enterprise Desktop 12", "product": { "name": "SUSE Linux Enterprise Desktop", "vendor": { "name": "SUSE", "scada": false } } }, { "description": "SUSE Linux Enterprise Software Development Kit 12", "product": { "name": "N/A", "vendor": { "name": "SUSE", "scada": false } } }, { "description": "SUSE Linux Enterprise Server 12", "product": { "name": "SUSE Linux Enterprise Server", "vendor": { "name": "SUSE", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2015-8767", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8767" }, { "name": "CVE-2016-0723", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0723" }, { "name": "CVE-2015-8785", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8785" }, { "name": "CVE-2015-5707", "url": "https://www.cve.org/CVERecord?id=CVE-2015-5707" }, { "name": "CVE-2016-0774", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0774" }, { "name": "CVE-2013-7446", "url": "https://www.cve.org/CVERecord?id=CVE-2013-7446" }, { "name": "CVE-2015-8709", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8709" }, { "name": "CVE-2016-2384", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2384" }, { "name": "CVE-2016-2069", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2069" }, { "name": "CVE-2015-8812", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8812" } ], "initial_release_date": "2016-03-18T00:00:00", "last_revision_date": "2016-03-18T00:00:00", "links": [ { "title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2016:0785-1 du 16 mars 2016", "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160785-1.html" } ], "reference": "CERTFR-2016-AVI-103", "revisions": [ { "description": "version initiale.", "revision_date": "2016-03-18T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire" }, { "description": "D\u00e9ni de service" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de Suse\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nun d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Suse", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2016:0785-1 du 16 mars 2016", "url": null } ] }
CVE-2015-8812 (GCVE-0-2015-8812)
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-06 08:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:29:22.037Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "name": "SUSE-SU-2016:1038", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html" }, { "name": "USN-2949-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2949-1" }, { "name": "83218", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/83218" }, { "name": "SUSE-SU-2016:1033", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "SUSE-SU-2016:1034", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html" }, { "name": "USN-2947-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2947-3" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3" }, { "name": "RHSA-2016:2584", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "SUSE-SU-2016:1035", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html" }, { "name": "RHSA-2016:2574", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "USN-2947-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2947-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303532" }, { "name": "SUSE-SU-2016:1031", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html" }, { "name": "USN-2947-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2947-1" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "[oss-security] 20160211 Linux kernel: Flaw in CXGB3 driver.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/02/11/1" }, { "name": "SUSE-SU-2016:1019", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" }, { "name": "SUSE-SU-2016:1037", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html" }, { "name": "SUSE-SU-2016:1045", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html" }, { "name": "USN-2946-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2946-2" }, { "name": "SUSE-SU-2016:1032", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html" }, { "name": "SUSE-SU-2016:1039", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "SUSE-SU-2016:1041", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html" }, { "name": "SUSE-SU-2016:1046", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3" }, { "name": "USN-2948-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2948-1" }, { "name": "USN-2946-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2946-1" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2948-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2948-2" }, { "name": "SUSE-SU-2016:1040", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-02-11T00:00:00", "descriptions": [ { "lang": "en", "value": "drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "name": "SUSE-SU-2016:1038", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html" }, { "name": "USN-2949-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2949-1" }, { "name": "83218", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/83218" }, { "name": "SUSE-SU-2016:1033", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "SUSE-SU-2016:1034", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html" }, { "name": "USN-2947-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2947-3" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3" }, { "name": "RHSA-2016:2584", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "SUSE-SU-2016:1035", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html" }, { "name": "RHSA-2016:2574", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "USN-2947-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2947-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303532" }, { "name": "SUSE-SU-2016:1031", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html" }, { "name": "USN-2947-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2947-1" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "[oss-security] 20160211 Linux kernel: Flaw in CXGB3 driver.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/02/11/1" }, { "name": "SUSE-SU-2016:1019", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" }, { "name": "SUSE-SU-2016:1037", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html" }, { "name": "SUSE-SU-2016:1045", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html" }, { "name": "USN-2946-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2946-2" }, { "name": "SUSE-SU-2016:1032", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html" }, { "name": "SUSE-SU-2016:1039", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "SUSE-SU-2016:1041", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html" }, { "name": "SUSE-SU-2016:1046", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3" }, { "name": "USN-2948-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2948-1" }, { "name": "USN-2946-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2946-1" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2948-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2948-2" }, { "name": "SUSE-SU-2016:1040", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8812", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-2967-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "name": "SUSE-SU-2016:1038", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html" }, { "name": "USN-2949-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2949-1" }, { "name": "83218", "refsource": "BID", "url": "http://www.securityfocus.com/bid/83218" }, { "name": "SUSE-SU-2016:1033", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html" }, { "name": "DSA-3503", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "SUSE-SU-2016:1034", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html" }, { "name": "USN-2947-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2947-3" }, { "name": "USN-2967-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3" }, { "name": "RHSA-2016:2584", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "SUSE-SU-2016:1035", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html" }, { "name": "RHSA-2016:2574", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1764", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "USN-2947-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2947-2" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1303532", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303532" }, { "name": "SUSE-SU-2016:1031", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html" }, { "name": "USN-2947-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2947-1" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "[oss-security] 20160211 Linux kernel: Flaw in CXGB3 driver.", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/02/11/1" }, { "name": "SUSE-SU-2016:1019", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" }, { "name": "SUSE-SU-2016:1037", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html" }, { "name": "SUSE-SU-2016:1045", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html" }, { "name": "USN-2946-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2946-2" }, { "name": "SUSE-SU-2016:1032", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html" }, { "name": "SUSE-SU-2016:1039", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "SUSE-SU-2016:1041", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html" }, { "name": "SUSE-SU-2016:1046", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html" }, { "name": "https://github.com/torvalds/linux/commit/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3" }, { "name": "USN-2948-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2948-1" }, { "name": "USN-2946-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2946-1" }, { "name": "openSUSE-SU-2016:1008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2948-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2948-2" }, { "name": "SUSE-SU-2016:1040", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8812", "datePublished": "2016-04-27T17:00:00", "dateReserved": "2016-02-11T00:00:00", "dateUpdated": "2024-08-06T08:29:22.037Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-0723 (GCVE-0-2016-0723)
Vulnerability from cvelistv5
Published
2016-02-08 02:00
Modified
2024-08-05 22:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:30:03.991Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2016-0723" }, { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296253" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://source.android.com/security/bulletin/2016-07-01.html" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "82950", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/82950" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "name": "1035695", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035695" }, { "name": "USN-2948-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2948-1" }, { "name": "DSA-3448", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3448" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/5c17c861a357e9458001f021a7afa7aab9937439" }, { "name": "USN-2948-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2948-2" }, { "name": "FEDORA-2016-2f25d12c51", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K43650115" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-19T17:06:05", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security-tracker.debian.org/tracker/CVE-2016-0723" }, { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296253" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://source.android.com/security/bulletin/2016-07-01.html" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "82950", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/82950" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "name": "1035695", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035695" }, { "name": "USN-2948-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2948-1" }, { "name": "DSA-3448", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3448" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/5c17c861a357e9458001f021a7afa7aab9937439" }, { "name": "USN-2948-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2948-2" }, { "name": "FEDORA-2016-2f25d12c51", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K43650115" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-0723", "datePublished": "2016-02-08T02:00:00", "dateReserved": "2015-12-16T00:00:00", "dateUpdated": "2024-08-05T22:30:03.991Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8767 (GCVE-0-2015-8767)
Vulnerability from cvelistv5
Published
2016-02-08 02:00
Modified
2024-08-06 08:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:29:21.651Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "name": "RHSA-2016:1341", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1341" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "RHSA-2016:0715", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0715.html" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "RHSA-2016:1301", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1301" }, { "name": "[oss-security] 20160111 CVE Request: Linux kernel - SCTP denial of service during heartbeat timeout functions.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/11/4" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=635682a14427d241bab7bbdeebb48a7d7b91638e" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297389" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "80268", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/80268" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/635682a14427d241bab7bbdeebb48a7d7b91638e" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "DSA-3448", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3448" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "RHSA-2016:1277", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1277" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-09-24T00:00:00", "descriptions": [ { "lang": "en", "value": "net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-02T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "name": "RHSA-2016:1341", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1341" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "RHSA-2016:0715", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0715.html" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "RHSA-2016:1301", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1301" }, { "name": "[oss-security] 20160111 CVE Request: Linux kernel - SCTP denial of service during heartbeat timeout functions.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/11/4" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=635682a14427d241bab7bbdeebb48a7d7b91638e" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297389" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "80268", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/80268" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/635682a14427d241bab7bbdeebb48a7d7b91638e" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "DSA-3448", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3448" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "RHSA-2016:1277", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1277" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8767", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-2930-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "USN-2967-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "name": "RHSA-2016:1341", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1341" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "RHSA-2016:0715", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0715.html" }, { "name": "USN-2930-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "RHSA-2016:1301", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1301" }, { "name": "[oss-security] 20160111 CVE Request: Linux kernel - SCTP denial of service during heartbeat timeout functions.", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/11/4" }, { "name": "DSA-3503", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=635682a14427d241bab7bbdeebb48a7d7b91638e", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=635682a14427d241bab7bbdeebb48a7d7b91638e" }, { "name": "USN-2930-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "USN-2932-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1297389", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297389" }, { "name": "FEDORA-2016-5d43766e33", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "80268", "refsource": "BID", "url": "http://www.securityfocus.com/bid/80268" }, { "name": "https://github.com/torvalds/linux/commit/635682a14427d241bab7bbdeebb48a7d7b91638e", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/635682a14427d241bab7bbdeebb48a7d7b91638e" }, { "name": "USN-2931-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "DSA-3448", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3448" }, { "name": "openSUSE-SU-2016:1008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "RHSA-2016:1277", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1277" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8767", "datePublished": "2016-02-08T02:00:00", "dateReserved": "2016-01-11T00:00:00", "dateUpdated": "2024-08-06T08:29:21.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-7446 (GCVE-0-2013-7446)
Vulnerability from cvelistv5
Published
2015-12-28 11:00
Modified
2024-08-06 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:09:16.999Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SU-2016:0750", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://groups.google.com/forum/#%21topic/syzkaller/3twDUI4Cpm8" }, { "name": "1034557", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034557" }, { "name": "SUSE-SU-2016:2010", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html" }, { "name": "SUSE-SU-2016:2011", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html" }, { "name": "SUSE-SU-2016:2003", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html" }, { "name": "SUSE-SU-2016:0751", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html" }, { "name": "SUSE-SU-2016:0747", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html" }, { "name": "SUSE-SU-2016:0755", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html" }, { "name": "SUSE-SU-2016:1994", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html" }, { "name": "USN-2887-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2887-2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://forums.grsecurity.net/viewtopic.php?f=3\u0026t=4150" }, { "name": "SUSE-SU-2016:0757", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html" }, { "name": "SUSE-SU-2016:1961", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html" }, { "name": "SUSE-SU-2016:2001", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html" }, { "name": "[netdev] 20150304 [PATCH net] af_unix: don\u0027t poll dead peers", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.spinics.net/lists/netdev/msg318826.html" }, { "name": "SUSE-SU-2016:0753", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2887-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2887-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "SUSE-SU-2016:2006", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c" }, { "name": "USN-2889-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2889-1" }, { "name": "SUSE-SU-2016:2014", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html" }, { "name": "openSUSE-SU-2016:1641", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html" }, { "name": "USN-2889-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2889-2" }, { "name": "SUSE-SU-2016:0746", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html" }, { "name": "[linux-kernel] 20150913 List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2015/9/13/195" }, { "name": "SUSE-SU-2016:0749", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3" }, { "name": "77638", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/77638" }, { "name": "SUSE-SU-2016:2009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html" }, { "name": "SUSE-SU-2016:2005", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html" }, { "name": "[linux-kernel] 20140515 eventpoll __list_del_entry corruption (was: perf: use after free in perf_remove_from_context)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2014/5/15/532" }, { "name": "SUSE-SU-2016:2007", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282688" }, { "name": "SUSE-SU-2016:2000", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html" }, { "name": "SUSE-SU-2016:0745", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html" }, { "name": "DSA-3426", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3426" }, { "name": "SUSE-SU-2016:1995", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html" }, { "name": "[oss-security] 20151118 Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/18/16" }, { "name": "SUSE-SU-2016:2002", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html" }, { "name": "[linux-kernel] 20131014 Re: epoll oops.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2013/10/14/424" }, { "name": "SUSE-SU-2016:0756", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "SUSE-SU-2016:0754", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html" }, { "name": "SUSE-SU-2016:0752", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-10-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SUSE-SU-2016:0750", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://groups.google.com/forum/#%21topic/syzkaller/3twDUI4Cpm8" }, { "name": "1034557", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034557" }, { "name": "SUSE-SU-2016:2010", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html" }, { "name": "SUSE-SU-2016:2011", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html" }, { "name": "SUSE-SU-2016:2003", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html" }, { "name": "SUSE-SU-2016:0751", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html" }, { "name": "SUSE-SU-2016:0747", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html" }, { "name": "SUSE-SU-2016:0755", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html" }, { "name": "SUSE-SU-2016:1994", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html" }, { "name": "USN-2887-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2887-2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://forums.grsecurity.net/viewtopic.php?f=3\u0026t=4150" }, { "name": "SUSE-SU-2016:0757", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html" }, { "name": "SUSE-SU-2016:1961", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html" }, { "name": "SUSE-SU-2016:2001", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html" }, { "name": "[netdev] 20150304 [PATCH net] af_unix: don\u0027t poll dead peers", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.spinics.net/lists/netdev/msg318826.html" }, { "name": "SUSE-SU-2016:0753", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2887-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2887-1" }, { "name": "USN-2890-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "SUSE-SU-2016:2006", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c" }, { "name": "USN-2889-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2889-1" }, { "name": "SUSE-SU-2016:2014", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html" }, { "name": "openSUSE-SU-2016:1641", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html" }, { "name": "USN-2889-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2889-2" }, { "name": "SUSE-SU-2016:0746", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html" }, { "name": "[linux-kernel] 20150913 List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2015/9/13/195" }, { "name": "SUSE-SU-2016:0749", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3" }, { "name": "77638", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/77638" }, { "name": "SUSE-SU-2016:2009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html" }, { "name": "SUSE-SU-2016:2005", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html" }, { "name": "[linux-kernel] 20140515 eventpoll __list_del_entry corruption (was: perf: use after free in perf_remove_from_context)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2014/5/15/532" }, { "name": "SUSE-SU-2016:2007", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282688" }, { "name": "SUSE-SU-2016:2000", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html" }, { "name": "SUSE-SU-2016:0745", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html" }, { "name": "DSA-3426", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3426" }, { "name": "SUSE-SU-2016:1995", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html" }, { "name": "[oss-security] 20151118 Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/11/18/16" }, { "name": "SUSE-SU-2016:2002", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html" }, { "name": "[linux-kernel] 20131014 Re: epoll oops.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2013/10/14/424" }, { "name": "SUSE-SU-2016:0756", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c" }, { "name": "USN-2890-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "SUSE-SU-2016:0754", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html" }, { "name": "SUSE-SU-2016:0752", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html" }, { "name": "USN-2888-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7446", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SU-2016:0750", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html" }, { "name": "https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8", "refsource": "CONFIRM", "url": "https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8" }, { "name": "1034557", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034557" }, { "name": "SUSE-SU-2016:2010", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html" }, { "name": "SUSE-SU-2016:2011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html" }, { "name": "SUSE-SU-2016:2003", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html" }, { "name": "SUSE-SU-2016:0751", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html" }, { "name": "SUSE-SU-2016:0747", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html" }, { "name": "SUSE-SU-2016:0755", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html" }, { "name": "SUSE-SU-2016:1994", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html" }, { "name": "USN-2887-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2887-2" }, { "name": "https://forums.grsecurity.net/viewtopic.php?f=3\u0026t=4150", "refsource": "MISC", "url": "https://forums.grsecurity.net/viewtopic.php?f=3\u0026t=4150" }, { "name": "SUSE-SU-2016:0757", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html" }, { "name": "SUSE-SU-2016:1961", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html" }, { "name": "SUSE-SU-2016:2001", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html" }, { "name": "[netdev] 20150304 [PATCH net] af_unix: don\u0027t poll dead peers", "refsource": "MLIST", "url": "http://www.spinics.net/lists/netdev/msg318826.html" }, { "name": "SUSE-SU-2016:0753", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html" }, { "name": "USN-2886-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "USN-2887-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2887-1" }, { "name": "USN-2890-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-3" }, { "name": "SUSE-SU-2016:2006", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c" }, { "name": "USN-2889-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2889-1" }, { "name": "SUSE-SU-2016:2014", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html" }, { "name": "openSUSE-SU-2016:1641", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html" }, { "name": "USN-2889-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2889-2" }, { "name": "SUSE-SU-2016:0746", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html" }, { "name": "[linux-kernel] 20150913 List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket", "refsource": "MLIST", "url": "https://lkml.org/lkml/2015/9/13/195" }, { "name": "SUSE-SU-2016:0749", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3" }, { "name": "77638", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77638" }, { "name": "SUSE-SU-2016:2009", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html" }, { "name": "SUSE-SU-2016:2005", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html" }, { "name": "[linux-kernel] 20140515 eventpoll __list_del_entry corruption (was: perf: use after free in perf_remove_from_context)", "refsource": "MLIST", "url": "https://lkml.org/lkml/2014/5/15/532" }, { "name": "SUSE-SU-2016:2007", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "USN-2890-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-2" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1282688", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282688" }, { "name": "SUSE-SU-2016:2000", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html" }, { "name": "SUSE-SU-2016:0745", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html" }, { "name": "DSA-3426", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3426" }, { "name": "SUSE-SU-2016:1995", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html" }, { "name": "[oss-security] 20151118 Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/11/18/16" }, { "name": "SUSE-SU-2016:2002", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html" }, { "name": "[linux-kernel] 20131014 Re: epoll oops.", "refsource": "MLIST", "url": "https://lkml.org/lkml/2013/10/14/424" }, { "name": "SUSE-SU-2016:0756", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html" }, { "name": "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c" }, { "name": "USN-2890-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2890-1" }, { "name": "SUSE-SU-2016:0754", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html" }, { "name": "SUSE-SU-2016:0752", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html" }, { "name": "USN-2888-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2888-1" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7446", "datePublished": "2015-12-28T11:00:00", "dateReserved": "2015-11-18T00:00:00", "dateUpdated": "2024-08-06T18:09:16.999Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8709 (GCVE-0-2015-8709)
Vulnerability from cvelistv5
Published
2016-02-08 02:00
Modified
2024-08-06 08:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:29:20.934Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SU-2016:1038", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html" }, { "name": "SUSE-SU-2016:1033", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html" }, { "name": "SUSE-SU-2016:1034", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html" }, { "name": "[linux-kernel] 20151226 [PATCH] ptrace: being capable wrt a process requires mapped uids/gids", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lkml.org/lkml/2015/12/25/71" }, { "name": "SUSE-SU-2016:1035", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html" }, { "name": "[linux-kernel] 20160106 Re: [PATCH] ptrace: being capable wrt a process requires mapped uids/gids", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=linux-kernel\u0026m=145204641422813\u0026w=2" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1031", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html" }, { "name": "SUSE-SU-2016:1019", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" }, { "name": "[oss-security] 20151231 Re: CVE Request: Linux kernel: privilege escalation in user namespaces", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/31/5" }, { "name": "[oss-security] 20151217 CVE Request: Linux kernel: privilege escalation in user namespaces", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/17/12" }, { "name": "SUSE-SU-2016:1037", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html" }, { "name": "SUSE-SU-2016:1045", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html" }, { "name": "[linux-kernel] 20160106 Re: [PATCH] ptrace: being capable wrt a process requires mapped uids/gids", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=linux-kernel\u0026m=145204362722256\u0026w=2" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:1032", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html" }, { "name": "SUSE-SU-2016:1039", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html" }, { "name": "SUSE-SU-2016:1041", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html" }, { "name": "SUSE-SU-2016:1046", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html" }, { "name": "79899", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/79899" }, { "name": "1034899", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034899" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1295287" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "SUSE-SU-2016:1040", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-17T00:00:00", "descriptions": [ { "lang": "en", "value": "kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states \"there is no kernel bug here." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "SUSE-SU-2016:1038", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html" }, { "name": "SUSE-SU-2016:1033", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html" }, { "name": "SUSE-SU-2016:1034", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html" }, { "name": "[linux-kernel] 20151226 [PATCH] ptrace: being capable wrt a process requires mapped uids/gids", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lkml.org/lkml/2015/12/25/71" }, { "name": "SUSE-SU-2016:1035", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html" }, { "name": "[linux-kernel] 20160106 Re: [PATCH] ptrace: being capable wrt a process requires mapped uids/gids", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=linux-kernel\u0026m=145204641422813\u0026w=2" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1031", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html" }, { "name": "SUSE-SU-2016:1019", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" }, { "name": "[oss-security] 20151231 Re: CVE Request: Linux kernel: privilege escalation in user namespaces", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/31/5" }, { "name": "[oss-security] 20151217 CVE Request: Linux kernel: privilege escalation in user namespaces", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/17/12" }, { "name": "SUSE-SU-2016:1037", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html" }, { "name": "SUSE-SU-2016:1045", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html" }, { "name": "[linux-kernel] 20160106 Re: [PATCH] ptrace: being capable wrt a process requires mapped uids/gids", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=linux-kernel\u0026m=145204362722256\u0026w=2" }, { "name": "FEDORA-2016-5d43766e33", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:1032", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html" }, { "name": "SUSE-SU-2016:1039", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html" }, { "name": "SUSE-SU-2016:1041", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html" }, { "name": "SUSE-SU-2016:1046", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html" }, { "name": "79899", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/79899" }, { "name": "1034899", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034899" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1295287" }, { "name": "DSA-3434", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "SUSE-SU-2016:1040", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2015-8709", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states \"there is no kernel bug here.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SU-2016:1038", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html" }, { "name": "SUSE-SU-2016:1033", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html" }, { "name": "SUSE-SU-2016:1034", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html" }, { "name": "[linux-kernel] 20151226 [PATCH] ptrace: being capable wrt a process requires mapped uids/gids", "refsource": "MLIST", "url": "https://lkml.org/lkml/2015/12/25/71" }, { "name": "SUSE-SU-2016:1035", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html" }, { "name": "[linux-kernel] 20160106 Re: [PATCH] ptrace: being capable wrt a process requires mapped uids/gids", "refsource": "MLIST", "url": "http://marc.info/?l=linux-kernel\u0026m=145204641422813\u0026w=2" }, { "name": "SUSE-SU-2016:1764", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1031", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html" }, { "name": "SUSE-SU-2016:1019", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" }, { "name": "[oss-security] 20151231 Re: CVE Request: Linux kernel: privilege escalation in user namespaces", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/31/5" }, { "name": "[oss-security] 20151217 CVE Request: Linux kernel: privilege escalation in user namespaces", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/17/12" }, { "name": "SUSE-SU-2016:1037", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html" }, { "name": "SUSE-SU-2016:1045", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html" }, { "name": "[linux-kernel] 20160106 Re: [PATCH] ptrace: being capable wrt a process requires mapped uids/gids", "refsource": "MLIST", "url": "http://marc.info/?l=linux-kernel\u0026m=145204362722256\u0026w=2" }, { "name": "FEDORA-2016-5d43766e33", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html" }, { "name": "SUSE-SU-2016:1032", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html" }, { "name": "SUSE-SU-2016:1039", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html" }, { "name": "SUSE-SU-2016:1041", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html" }, { "name": "SUSE-SU-2016:1046", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html" }, { "name": "79899", "refsource": "BID", "url": "http://www.securityfocus.com/bid/79899" }, { "name": "1034899", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034899" }, { "name": "openSUSE-SU-2016:1008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1295287", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1295287" }, { "name": "DSA-3434", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3434" }, { "name": "SUSE-SU-2016:1040", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2015-8709", "datePublished": "2016-02-08T02:00:00", "dateReserved": "2015-12-31T00:00:00", "dateUpdated": "2024-08-06T08:29:20.934Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2069 (GCVE-0-2016-2069)
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-05 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:17:50.485Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "81809", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/81809" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "name": "[oss-security] 20160124 CVE Request: x86 Linux TLB flush bug", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/1" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "RHSA-2016:2584", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "RHSA-2016:2574", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "RHSA-2017:0817", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "USN-2989-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2989-1" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/71b3c126e61177eb693423f2e18a1914205b165e" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301893" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2998-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2998-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71b3c126e61177eb693423f2e18a1914205b165e" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "81809", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/81809" }, { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "name": "[oss-security] 20160124 CVE Request: x86 Linux TLB flush bug", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/1" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "RHSA-2016:2584", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "RHSA-2016:2574", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "RHSA-2017:0817", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "USN-2989-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2989-1" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/71b3c126e61177eb693423f2e18a1914205b165e" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301893" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2998-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2998-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71b3c126e61177eb693423f2e18a1914205b165e" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-2069", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "81809", "refsource": "BID", "url": "http://www.securityfocus.com/bid/81809" }, { "name": "USN-2967-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "name": "[oss-security] 20160124 CVE Request: x86 Linux TLB flush bug", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/25/1" }, { "name": "DSA-3503", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "USN-2967-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "RHSA-2016:2584", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "RHSA-2016:2574", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "RHSA-2017:0817", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html" }, { "name": "USN-2932-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "USN-2989-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2989-1" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "https://github.com/torvalds/linux/commit/71b3c126e61177eb693423f2e18a1914205b165e", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/71b3c126e61177eb693423f2e18a1914205b165e" }, { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1301893", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301893" }, { "name": "USN-2931-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "openSUSE-SU-2016:1008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2998-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2998-1" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71b3c126e61177eb693423f2e18a1914205b165e", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71b3c126e61177eb693423f2e18a1914205b165e" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-2069", "datePublished": "2016-04-27T17:00:00", "dateReserved": "2016-01-26T00:00:00", "dateUpdated": "2024-08-05T23:17:50.485Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8785 (GCVE-0-2015-8785)
Vulnerability from cvelistv5
Published
2016-02-08 02:00
Modified
2024-08-06 08:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:29:21.986Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290642" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/3ca8138f014a913f98e6ef40e939868e1e9ea876" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "81688", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/81688" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "name": "[oss-security] 20160124 CVE Request: Linux: fuse: possible denial of service in fuse_fill_write_pages()", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/24/1" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-02T20:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290642" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/3ca8138f014a913f98e6ef40e939868e1e9ea876" }, { "name": "USN-2886-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "81688", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/81688" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "name": "[oss-security] 20160124 CVE Request: Linux: fuse: possible denial of service in fuse_fill_write_pages()", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/24/1" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2015-8785", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1290642", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290642" }, { "name": "https://github.com/torvalds/linux/commit/3ca8138f014a913f98e6ef40e939868e1e9ea876", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/3ca8138f014a913f98e6ef40e939868e1e9ea876" }, { "name": "USN-2886-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2886-1" }, { "name": "DSA-3503", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "81688", "refsource": "BID", "url": "http://www.securityfocus.com/bid/81688" }, { "name": "SUSE-SU-2016:1764", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "name": "[oss-security] 20160124 CVE Request: Linux: fuse: possible denial of service in fuse_fill_write_pages()", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/24/1" }, { "name": "openSUSE-SU-2016:1008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2015-8785", "datePublished": "2016-02-08T02:00:00", "dateReserved": "2016-01-24T00:00:00", "dateUpdated": "2024-08-06T08:29:21.986Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-5707 (GCVE-0-2015-5707)
Vulnerability from cvelistv5
Published
2015-10-19 10:00
Modified
2024-08-06 06:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:59:04.042Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2738-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2738-1" }, { "name": "SUSE-SU-2015:2089", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00030.html" }, { "name": "USN-2733-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2733-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee" }, { "name": "SUSE-SU-2015:2087", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00029.html" }, { "name": "USN-2750-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2750-1" }, { "name": "USN-2737-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2737-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "SUSE-SU-2015:1611", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html" }, { "name": "DSA-3329", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3329" }, { "name": "1033521", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1033521" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1250030" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/fdc81f45e9f57858da6351836507fbcf1b7583ee" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81" }, { "name": "USN-2760-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2760-1" }, { "name": "SUSE-SU-2015:2091", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00032.html" }, { "name": "SUSE-SU-2015:1478", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html" }, { "name": "USN-2759-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2759-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/451a2886b6bf90e2fb378f7c46c655450fb96e81" }, { "name": "SUSE-SU-2015:2084", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00026.html" }, { "name": "SUSE-SU-2015:2085", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00027.html" }, { "name": "USN-2734-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2734-1" }, { "name": "[oss-security] 20150801 CVE request: Integer overflow in SCSI generic driver in Linux \u003c4.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/08/01/6" }, { "name": "SUSE-SU-2015:2086", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00028.html" }, { "name": "SUSE-SU-2015:1592", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html" }, { "name": "SUSE-SU-2015:2090", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00031.html" }, { "name": "76145", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/76145" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-08-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-16T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-2738-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2738-1" }, { "name": "SUSE-SU-2015:2089", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00030.html" }, { "name": "USN-2733-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2733-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee" }, { "name": "SUSE-SU-2015:2087", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00029.html" }, { "name": "USN-2750-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2750-1" }, { "name": "USN-2737-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2737-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "SUSE-SU-2015:1611", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html" }, { "name": "DSA-3329", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3329" }, { "name": "1033521", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1033521" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1250030" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/fdc81f45e9f57858da6351836507fbcf1b7583ee" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81" }, { "name": "USN-2760-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2760-1" }, { "name": "SUSE-SU-2015:2091", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00032.html" }, { "name": "SUSE-SU-2015:1478", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html" }, { "name": "USN-2759-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2759-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/451a2886b6bf90e2fb378f7c46c655450fb96e81" }, { "name": "SUSE-SU-2015:2084", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00026.html" }, { "name": "SUSE-SU-2015:2085", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00027.html" }, { "name": "USN-2734-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2734-1" }, { "name": "[oss-security] 20150801 CVE request: Integer overflow in SCSI generic driver in Linux \u003c4.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/08/01/6" }, { "name": "SUSE-SU-2015:2086", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00028.html" }, { "name": "SUSE-SU-2015:1592", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html" }, { "name": "SUSE-SU-2015:2090", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00031.html" }, { "name": "76145", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/76145" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5707", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-2738-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2738-1" }, { "name": "SUSE-SU-2015:2089", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00030.html" }, { "name": "USN-2733-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2733-1" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee" }, { "name": "SUSE-SU-2015:2087", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00029.html" }, { "name": "USN-2750-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2750-1" }, { "name": "USN-2737-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2737-1" }, { "name": "https://source.android.com/security/bulletin/2017-07-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "name": "SUSE-SU-2015:1611", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html" }, { "name": "DSA-3329", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3329" }, { "name": "1033521", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033521" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1250030", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1250030" }, { "name": "https://github.com/torvalds/linux/commit/fdc81f45e9f57858da6351836507fbcf1b7583ee", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/fdc81f45e9f57858da6351836507fbcf1b7583ee" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81" }, { "name": "USN-2760-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2760-1" }, { "name": "SUSE-SU-2015:2091", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00032.html" }, { "name": "SUSE-SU-2015:1478", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html" }, { "name": "USN-2759-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2759-1" }, { "name": "https://github.com/torvalds/linux/commit/451a2886b6bf90e2fb378f7c46c655450fb96e81", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/451a2886b6bf90e2fb378f7c46c655450fb96e81" }, { "name": "SUSE-SU-2015:2084", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00026.html" }, { "name": "SUSE-SU-2015:2085", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00027.html" }, { "name": "USN-2734-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2734-1" }, { "name": "[oss-security] 20150801 CVE request: Integer overflow in SCSI generic driver in Linux \u003c4.1", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/08/01/6" }, { "name": "SUSE-SU-2015:2086", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00028.html" }, { "name": "SUSE-SU-2015:1592", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html" }, { "name": "SUSE-SU-2015:2090", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00031.html" }, { "name": "76145", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76145" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-5707", "datePublished": "2015-10-19T10:00:00", "dateReserved": "2015-08-02T00:00:00", "dateUpdated": "2024-08-06T06:59:04.042Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-0774 (GCVE-0-2016-0774)
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-05 22:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:30:04.108Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://source.android.com/security/bulletin/2016-05-01.html" }, { "name": "SUSE-SU-2016:1038", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html" }, { "name": "SUSE-SU-2016:1033", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "SUSE-SU-2016:1034", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "RHSA-2016:0494", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0494.html" }, { "name": "USN-2968-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2968-1" }, { "name": "SUSE-SU-2016:1035", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html" }, { "name": "SUSE-SU-2016:1031", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html" }, { "name": "SUSE-SU-2016:1037", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html" }, { "name": "SUSE-SU-2016:1045", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html" }, { "name": "USN-2968-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2968-2" }, { "name": "SUSE-SU-2016:1032", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html" }, { "name": "SUSE-SU-2016:1039", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html" }, { "name": "RHSA-2016:0617", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0617.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2016-0774" }, { "name": "SUSE-SU-2016:1041", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html" }, { "name": "SUSE-SU-2016:1046", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html" }, { "name": "84126", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/84126" }, { "name": "SUSE-SU-2016:1040", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303961" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-27T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an \"I/O vector array overrun.\" NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-30T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-2967-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://source.android.com/security/bulletin/2016-05-01.html" }, { "name": "SUSE-SU-2016:1038", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html" }, { "name": "SUSE-SU-2016:1033", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "SUSE-SU-2016:1034", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html" }, { "name": "USN-2967-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2967-2" }, { "name": "RHSA-2016:0494", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0494.html" }, { "name": "USN-2968-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2968-1" }, { "name": "SUSE-SU-2016:1035", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html" }, { "name": "SUSE-SU-2016:1031", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html" }, { "name": "SUSE-SU-2016:1037", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html" }, { "name": "SUSE-SU-2016:1045", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html" }, { "name": "USN-2968-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2968-2" }, { "name": "SUSE-SU-2016:1032", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html" }, { "name": "SUSE-SU-2016:1039", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html" }, { "name": "RHSA-2016:0617", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0617.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security-tracker.debian.org/tracker/CVE-2016-0774" }, { "name": "SUSE-SU-2016:1041", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html" }, { "name": "SUSE-SU-2016:1046", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html" }, { "name": "84126", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/84126" }, { "name": "SUSE-SU-2016:1040", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303961" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-0774", "datePublished": "2016-04-27T17:00:00", "dateReserved": "2015-12-16T00:00:00", "dateUpdated": "2024-08-05T22:30:04.108Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2384 (GCVE-0-2016-2384)
Vulnerability from cvelistv5
Published
2016-04-27 17:00
Modified
2024-08-05 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:49.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1035072", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035072" }, { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "[oss-security] 20160214 CVE Request: Linux: ALSA: usb-audio: double-free triggered by invalid USB descriptor", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/02/14/2" }, { "name": "SUSE-SU-2016:1038", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html" }, { "name": "SUSE-SU-2016:1033", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "SUSE-SU-2016:1034", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html" }, { "name": "RHSA-2016:2584", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "SUSE-SU-2016:1035", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html" }, { "name": "RHSA-2016:2574", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1031", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-2384" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/07d86ca93db7e5cdf4743564d98292042ec21af7" }, { "name": "RHSA-2017:0817", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308444" }, { "name": "SUSE-SU-2016:1019", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" }, { "name": "SUSE-SU-2016:1037", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html" }, { "name": "SUSE-SU-2016:1045", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "SUSE-SU-2016:1032", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html" }, { "name": "SUSE-SU-2016:1039", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "SUSE-SU-2016:1041", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html" }, { "name": "SUSE-SU-2016:1046", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07d86ca93db7e5cdf4743564d98292042ec21af7" }, { "name": "USN-2928-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2928-1" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "USN-2928-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2928-2" }, { "name": "83256", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/83256" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "SUSE-SU-2016:1040", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "1035072", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035072" }, { "name": "USN-2930-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "[oss-security] 20160214 CVE Request: Linux: ALSA: usb-audio: double-free triggered by invalid USB descriptor", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/02/14/2" }, { "name": "SUSE-SU-2016:1038", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html" }, { "name": "SUSE-SU-2016:1033", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html" }, { "name": "USN-2930-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "DSA-3503", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "SUSE-SU-2016:1034", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html" }, { "name": "RHSA-2016:2584", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "SUSE-SU-2016:1035", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html" }, { "name": "RHSA-2016:2574", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1764", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1031", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html" }, { "name": "USN-2930-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-2384" }, { "name": "SUSE-SU-2016:1102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/07d86ca93db7e5cdf4743564d98292042ec21af7" }, { "name": "RHSA-2017:0817", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308444" }, { "name": "SUSE-SU-2016:1019", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" }, { "name": "SUSE-SU-2016:1037", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html" }, { "name": "SUSE-SU-2016:1045", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html" }, { "name": "USN-2929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "SUSE-SU-2016:1032", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html" }, { "name": "SUSE-SU-2016:1039", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html" }, { "name": "SUSE-SU-2016:2074", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "SUSE-SU-2016:1041", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html" }, { "name": "SUSE-SU-2016:1046", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07d86ca93db7e5cdf4743564d98292042ec21af7" }, { "name": "USN-2928-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2928-1" }, { "name": "USN-2931-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "USN-2928-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2928-2" }, { "name": "83256", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/83256" }, { "name": "openSUSE-SU-2016:1008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2929-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "SUSE-SU-2016:1040", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html" }, { "name": "SUSE-SU-2016:0911", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-2384", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1035072", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035072" }, { "name": "USN-2930-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-1" }, { "name": "[oss-security] 20160214 CVE Request: Linux: ALSA: usb-audio: double-free triggered by invalid USB descriptor", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/02/14/2" }, { "name": "SUSE-SU-2016:1038", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html" }, { "name": "SUSE-SU-2016:1033", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html" }, { "name": "USN-2930-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-2" }, { "name": "DSA-3503", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3503" }, { "name": "SUSE-SU-2016:1034", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html" }, { "name": "RHSA-2016:2584", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html" }, { "name": "SUSE-SU-2016:1035", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html" }, { "name": "RHSA-2016:2574", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html" }, { "name": "SUSE-SU-2016:1764", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html" }, { "name": "SUSE-SU-2016:1031", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html" }, { "name": "USN-2930-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-3" }, { "name": "https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-2384", "refsource": "MISC", "url": "https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-2384" }, { "name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" }, { "name": "https://github.com/torvalds/linux/commit/07d86ca93db7e5cdf4743564d98292042ec21af7", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/07d86ca93db7e5cdf4743564d98292042ec21af7" }, { "name": "RHSA-2017:0817", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1308444", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308444" }, { "name": "SUSE-SU-2016:1019", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html" }, { "name": "SUSE-SU-2016:1037", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html" }, { "name": "SUSE-SU-2016:1045", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html" }, { "name": "USN-2929-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2929-1" }, { "name": "USN-2932-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2932-1" }, { "name": "SUSE-SU-2016:1032", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html" }, { "name": "SUSE-SU-2016:1039", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html" }, { "name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" }, { "name": "SUSE-SU-2016:1041", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html" }, { "name": "SUSE-SU-2016:1046", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07d86ca93db7e5cdf4743564d98292042ec21af7", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07d86ca93db7e5cdf4743564d98292042ec21af7" }, { "name": "USN-2928-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2928-1" }, { "name": "USN-2931-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2931-1" }, { "name": "USN-2928-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2928-2" }, { "name": "83256", "refsource": "BID", "url": "http://www.securityfocus.com/bid/83256" }, { "name": "openSUSE-SU-2016:1008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html" }, { "name": "USN-2929-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2929-2" }, { "name": "SUSE-SU-2016:1040", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html" }, { "name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-2384", "datePublished": "2016-04-27T17:00:00", "dateReserved": "2016-02-14T00:00:00", "dateUpdated": "2024-08-05T23:24:49.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…