Multiple vulnerabilities in Linux Kernel



Published: 2015-09-24 | Updated: 2018-05-23
Risk Low
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2015-8767
CVE-2015-8324
CVE-2015-2925
CVE-2015-5157
CVE-2015-8953
CWE-ID CWE-362
CWE-476
CWE-22
CWE-264
CWE-399
Exploitation vector Network
Public exploit N/A
Vulnerable software
Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Race condition

EUVDB-ID: #VU3882

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-8767

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists in net/sctp/sm_sideeffect.c, which does not properly manage the relationship between a lock and a socket. A local attacker can issue a crafted sctp_accept call while a timeout event is being processed, trigger a race condition and deadlock the kernel (soft lockup), causing a denial of service.

Mitigation

Update to version 4.3.

Vulnerable software versions

Linux kernel: 4.2

External links

http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=635682a14427d241bab7bbdeebb48a7d7b91638e


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU3871

Risk: Low

CVSSv3.1: 2.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-8324

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a physical attacker to cause a DoS condition on the target system.

The weakness exists in the ext4 implementation, which does not properly track the initialization of certain data structures. An attacker with physical access can connect a USB storage device carrying a crafted ext4 filesystem; when the kernel mounts it, the code path through ext4_fill_super dereferences a NULL pointer and the kernel panics.

Mitigation

Update to version 2.6.34.

Vulnerable software versions

Linux kernel: 2.6.33 - 2.6.33.7

External links

http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=744692dc059845b2a30221...


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Path traversal

EUVDB-ID: #VU2597

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-2925

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass container isolation on the target system.

The weakness exists in the prepend_path function in fs/dcache.c, which does not properly handle a directory being renamed out of a bind mount. A local attacker confined to a bind mount (for example inside a container) can rename a directory so that its path is no longer reachable from the mount root, and through the resulting path handling reach files outside the intended root, bypassing the container protection mechanism (a "double-chroot attack").

Mitigation

Update to version 4.2.4.

Vulnerable software versions

Linux kernel: 4.2.0 - 4.2.3

External links

http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Privilege escalation

EUVDB-ID: #VU2590

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-5157

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in arch/x86/entry/entry_64.S on the x86_64 platform, which mishandles IRET faults that occur while processing an NMI that arrived during userspace execution. A local attacker can trigger an NMI during userspace execution and potentially gain elevated privileges.

Mitigation

Update to version 4.1.6.

Vulnerable software versions

Linux kernel: 4.1.1 - 4.1.4

External links

http://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Denial of service

EUVDB-ID: #VU1020

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-8953

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a DoS attack on the target system.

The weakness exists in fs/overlayfs/copy_up.c, which uses an incorrect cleanup code path. A local attacker can perform filesystem operations on a large file in a lower overlayfs layer, trigger a dentry reference leak and cause a denial of service on the vulnerable system.

Mitigation

Update to version 4.2.6.

Vulnerable software versions

Linux kernel: 3.2.78-1 - 4.4.25

External links

http://bugzilla.redhat.com/show_bug.cgi?id=1367814


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
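Added example, not part of this bulletin: a small checker that takes a kernel release string, reduces it to a numeric version and reports which of the five CVE ranges listed in this bulletin contain it. The ranges are copied exactly as the bulletin states them (including the Debian-style "3.2.78-1" lower bound for CVE-2015-8953, whose revision suffix is dropped); distribution release strings such as "4.4.0-210-generic" are handled by keeping only the leading dotted numbers. It uses nothing beyond the Python standard library, and the sample release strings in the tests are constructed.

```python
import re
import subprocess

# Affected ranges exactly as this bulletin lists them (inclusive bounds).
# "3.2.78-1" is a Debian package version; parse_version() drops the "-1".
AFFECTED = {
    "CVE-2015-8767": ("4.2", "4.2"),
    "CVE-2015-8324": ("2.6.33", "2.6.33.7"),
    "CVE-2015-2925": ("4.2.0", "4.2.3"),
    "CVE-2015-5157": ("4.1.1", "4.1.4"),
    "CVE-2015-8953": ("3.2.78-1", "4.4.25"),
}


def parse_version(release):
    """Reduce a kernel release string to a tuple of ints.

    Accepts upstream ("4.2.3"), distribution ("4.4.0-210-generic",
    "3.16.0-4-amd64") and Debian package ("3.2.78-1") forms by keeping
    only the leading dotted-numeric part.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", release)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    return tuple(int(part) for part in m.group(1).split("."))


def _pad(parts, length, fill):
    # Extend a version tuple to `length` components with `fill`.
    return parts + (fill,) * (length - len(parts))


def in_range(release, low, high):
    """True if release lies within [low, high].

    A short upper bound such as "4.2" is read as the whole 4.2.x series;
    a short lower bound such as "4.2" is read as 4.2.0.
    """
    v, lo, hi = parse_version(release), parse_version(low), parse_version(high)
    n = max(len(v), len(lo), len(hi))
    return _pad(lo, n, 0) <= _pad(v, n, 0) <= _pad(hi, n, float("inf"))


def affected_by(release):
    """CVE IDs from this bulletin whose listed range contains release."""
    return sorted(cve for cve, (lo, hi) in AFFECTED.items()
                  if in_range(release, lo, hi))


def running_kernel():
    # Release string of the host kernel, e.g. "4.4.0-210-generic".
    return subprocess.check_output(["uname", "-r"], text=True).strip()


if __name__ == "__main__":
    release = running_kernel()
    hits = affected_by(release)
    if hits:
        print("%s is within the bulletin's range for: %s"
              % (release, ", ".join(hits)))
    else:
        print("%s is outside every range listed in this bulletin" % release)
```

A match means only that the upstream version number falls inside the bulletin's listed range. Distribution kernels routinely backport fixes without changing the version, so confirm against the distribution's own changelog (for example `rpm -q --changelog kernel | grep CVE-2015-` on RPM systems, or `apt-get changelog` of the installed linux-image package on Debian derivatives) before treating a host as vulnerable.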


