SB2015060804 - Memory corruption in Linux kernel
Published: June 8, 2015
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory corruption (CVE-ID: CVE-2015-4004)
The vulnerability allows a remote non-authenticated attacker to access sensitive information or perform a denial of service (DoS) attack.
The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
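The class of check that is missing when a parser trusts a packet's own length field, as an added example that is not code from the OZWPAN driver or from this bulletin. The element layout, function name and sample packets are hypothetical and constructed for illustration; the example also covers the related case where a declared length is smaller than a fixed sub-header, so the subtraction would wrap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical element layout (constructed, NOT the OZWPAN wire format):
 *   [0] type  [1] declared body length  [2] request id  [3..] payload */
#define ELT_HDR_LEN  2u   /* type + length */
#define BODY_HDR_LEN 1u   /* request id inside the body */

/* Copy one element's payload into out. Returns the payload size, or -1 if the
 * declared length disagrees with the bytes actually received. */
int parse_elt(const uint8_t *buf, size_t buf_len, uint8_t *out, size_t out_cap)
{
    if (buf_len < ELT_HDR_LEN)
        return -1;                       /* truncated header */
    size_t declared = buf[1];            /* untrusted, sender-controlled */
    if (declared > buf_len - ELT_HDR_LEN)
        return -1;                       /* claims more than was received */
    if (declared < BODY_HDR_LEN)
        return -1;                       /* declared - BODY_HDR_LEN would wrap */
    size_t payload = declared - BODY_HDR_LEN;
    if (payload > out_cap)
        return -1;                       /* destination too small */
    memcpy(out, buf + ELT_HDR_LEN + BODY_HDR_LEN, payload);
    return (int)payload;
}

/* Constructed sample packets. */
static const uint8_t pkt_ok[]    = { 0x01, 0x04, 0x07, 'a', 'b', 'c' };
static const uint8_t pkt_long[]  = { 0x01, 0xff, 0x07, 'a' };  /* length > data */
static const uint8_t pkt_short[] = { 0x01, 0x00 };             /* length < body header */

int main(void)
{
    uint8_t out[16];
    printf("ok=%d long=%d short=%d\n",
           parse_elt(pkt_ok, sizeof pkt_ok, out, sizeof out),
           parse_elt(pkt_long, sizeof pkt_long, out, sizeof out),
           parse_elt(pkt_short, sizeof pkt_short, out, sizeof out));
    return 0;
}
```

Without the two comparisons against `declared`, the copy length would come straight from the packet, which is the out-of-bounds read condition the description refers to.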
Remediation
Install the update from the vendor's website.
References
- http://openwall.com/lists/oss-security/2015/06/05/7
- https://lkml.org/lkml/2015/5/13/739
- http://www.ubuntu.com/usn/USN-3000-1
- http://www.ubuntu.com/usn/USN-2998-1
- http://www.ubuntu.com/usn/USN-3002-1
- http://www.ubuntu.com/usn/USN-3003-1
- http://www.ubuntu.com/usn/USN-3001-1
- http://www.ubuntu.com/usn/USN-3004-1
- http://www.ubuntu.com/usn/USN-2989-1
- http://www.securityfocus.com/bid/74669