NULL pointer dereference in Linux kernel - CVE-2015-8543
Published: April 1, 2016 / Updated: April 17, 2018
Vulnerability identifier: #VU3873
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-8543
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.
The weakness exists in the networking implementation due to improper validation of protocol identifiers for certain protocol families. A local attacker can trigger NULL pointer dereference or gain root privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.
The weakness exists in the networking implementation due to improper validation of protocol identifiers for certain protocol families. A local attacker can trigger NULL pointer dereference or gain root privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.
How to mitigate CVE-2015-8543
Update to version 4.3.3.