Privilege escalation in Linux kernel - CVE-2015-3288
Published: October 17, 2016 / Updated: October 17, 2016
Vulnerability identifier: #VU1007
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-3288
CWE-ID: CWE-388
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to obtain elevated privileges.
The vulnerability exists due to mishandling of anonymous pages. Triggering writing to page zero via a specially crafted application attacker can gain elevated privileges or cause page tainting.
Successful exploitation of the vulnerability may result in denial of service on the vulnerable system.
The vulnerability exists due to mishandling of anonymous pages. Triggering writing to page zero via a specially crafted application attacker can gain elevated privileges or cause page tainting.
Successful exploitation of the vulnerability may result in denial of service on the vulnerable system.
How to mitigate CVE-2015-3288
Update to version 4.1.4.