#VU1007 Privilege escalation in Linux kernel - CVE-2015-3288
Published: October 17, 2016 / Updated: October 17, 2016
Vulnerability identifier: #VU1007
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-3288
CWE-ID: CWE-388
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to obtain elevated privileges.
The vulnerability exists due to mishandling of anonymous pages. Triggering writing to page zero via a specially crafted application attacker can gain elevated privileges or cause page tainting.
Successful exploitation of the vulnerability may result in denial of service on the vulnerable system.
The vulnerability exists due to mishandling of anonymous pages. Triggering writing to page zero via a specially crafted application attacker can gain elevated privileges or cause page tainting.
Successful exploitation of the vulnerability may result in denial of service on the vulnerable system.
Remediation
Update to version 4.1.4.