Race condition in Linux kernel - CVE-2015-7613
Published: December 21, 2016 / Updated: April 17, 2018
Vulnerability identifier: #VU2591
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-7613
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the IPC object implementation due to race condition. A local attacker can trigger an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c and gain root privileges.
The weakness exists in the IPC object implementation due to race condition. A local attacker can trigger an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c and gain root privileges.
How to mitigate CVE-2015-7613
Update to version 4.2.3.