Denial of service in Linux kernel and linux_kernel (Debian package) - CVE-2015-1350
Published: May 16, 2017
Vulnerability identifier: #VU6551
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-1350
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Debian
Debian
Affected software:
Linux kernel
linux_kernel (Debian package)
Linux kernel
linux_kernel (Debian package)
Detailed vulnerability description
The vulnerability allows a local attacker to cause DoS conditions on the target system.
The weakness exists due to underspecified removing of extended privilege attributes caused by incomplete set of requirements for setattr operations. A local can invoke chown or system call, trigger an error in notify_change for filesystem xattrs and cause the ping or Wireshark dumpcap program to crash.
Successful exploitation of the vulnerability results in denial of service.
The weakness exists due to underspecified removing of extended privilege attributes caused by incomplete set of requirements for setattr operations. A local can invoke chown or system call, trigger an error in notify_change for filesystem xattrs and cause the ping or Wireshark dumpcap program to crash.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2015-1350
Install update from vendor's website.