CVE-2015-8543 (High) detected in linuxv3.10
Opened this issue · 0 comments
CVE-2015-8543 - High Severity Vulnerability
Vulnerable Library - linuxv3.10
Linux kernel source tree
Library home page: https://github.com/torvalds/linux.git
Found in HEAD commit: adc86a86e0ac98007fd3af905bc71e9f29c1502c
Found in base branch: xsentinel-1.7-experimental
Vulnerable Source Files (2)
android_kernel_samsung_j7elte/net/decnet/af_decnet.c
android_kernel_samsung_j7elte/net/decnet/af_decnet.c
Vulnerability Details
The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.
Publish Date: 2015-12-28
URL: CVE-2015-8543
CVSS 3 Score Details (7.0)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8543
Release Date: 2015-12-28
Fix Resolution: v4.4-rc6
Step up your Open Source Security Game with WhiteSource here