CVE-2015-8543 (High) detected in linuxv3.10

Question

CVE-2015-8543 (High) detected in linuxv3.10

Opened this issue 4 years ago · 0 comments

mend-bolt-for-github commented 4 years ago

CVE-2015-8543 - High Severity Vulnerability

Vulnerable Library - linuxv3.10

Linux kernel source tree

Library home page: https://github.com/torvalds/linux.git

Found in HEAD commit: adc86a86e0ac98007fd3af905bc71e9f29c1502c

Found in base branch: xsentinel-1.7-experimental

Vulnerable Source Files (2)

android_kernel_samsung_j7elte/net/decnet/af_decnet.c
android_kernel_samsung_j7elte/net/decnet/af_decnet.c

Vulnerability Details

The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.

Publish Date: 2015-12-28

URL: CVE-2015-8543

CVSS 3 Score Details (7.0)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8543

Release Date: 2015-12-28

Fix Resolution: v4.4-rc6

Step up your Open Source Security Game with WhiteSource here