Main Vulnerability Database SB2015122803

SB2015122803 - NULL pointer dereference in Linux kernel

Published: December 28, 2015 Updated: April 17, 2018

Security Bulletin ID SB2015122803

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2015-8543)

The vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.

The weakness exists in the networking implementation due to improper validation of protocol identifiers for certain protocol families. A local attacker can trigger NULL pointer dereference or gain root privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9