Fedora 22 update for kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2015-8569 CVE-2015-8575 CVE-2015-7513 CVE-2015-7566 CVE-2015-8767 CVE-2016-0728 |
| CWE-ID | CWE-200 CWE-369 CWE-476 CWE-362 CWE-119 |
| Exploitation vector | Local |
| Public exploit |
Public exploit code for vulnerability #4 is available. Vulnerability #6 is being exploited in the wild. |
| Vulnerable software |
Fedora Operating systems & Components / Operating system kernel Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Information exposure
EUVDB-ID: #VU92477
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2015-8569
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to information exposure error within the pptp_bind() and pptp_connect() functions in drivers/net/ppp/pptp.c. A local privileged user can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 22
kernel: before 4.3.3-200.fc22
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2016-f71868ce66
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information exposure
EUVDB-ID: #VU92475
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2015-8575
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to information exposure error within the sco_sock_bind() function in net/bluetooth/sco.c. A local non-authenticated attacker can gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 22
kernel: before 4.3.3-200.fc22
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2016-f71868ce66
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Division by zero
EUVDB-ID: #VU91382
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2015-7513
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to a crash the entire system.
The vulnerability exists due to a division by zero error within the kvm_vm_ioctl_get_pit(), kvm_vm_ioctl_get_pit2() and kvm_vm_ioctl_set_pit2() functions in arch/x86/kvm/x86.c. A local user can a crash the entire system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 22
kernel: before 4.3.3-200.fc22
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2016-f71868ce66
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU90692
Risk: Low
CVSSv4.0: 3.2 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2015-7566
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: Yes
DescriptionThe vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the clie_5_attach() function in drivers/usb/serial/visor.c. A local non-authenticated attacker can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 22
kernel: before 4.3.3-200.fc22
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2016-f71868ce66
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Race condition
EUVDB-ID: #VU3882
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2015-8767
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in net/sctp/sm_sideeffect.c due to improper management of the relationship between a lock and a socket. A local attacker can submit a specially crafted sctp_accept call, trigger race condition and cause the service to crash.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 22
kernel: before 4.3.3-200.fc22
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2016-f71868ce66
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free error
EUVDB-ID: #VU2513
Risk: Medium
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2016-0728
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to use-after-free error in the join_session_keyring() function in security/keys/process_keys.c when handling keyring object reference counting by Linux kernel's key management subsystem. A local attacker can overflow the usage field via a specially crafted object and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 22
kernel: before 4.3.3-200.fc22
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2016-f71868ce66
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
