Lucene search

MitreCVE-2015-6937

HistoryOct 19, 2015 - 10:59 a.m.

CVE-2015-6937

2015-10-1910:59:07

mitre

web.nvd.nist.gov

112

cve-2015-6937

linux kernel

denial of service

null pointer dereference

system crash

nvd

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

AI Score

6.4

Confidence

High

EPSS

Percentile

10.1%

JSON

The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound.

Affected configurations

Nvd

Node

linuxlinux_kernelRange≤4.2.3

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
canonicalubuntu_linux12.04cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
debiandebian_linux7.0cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
canonical	ubuntu_linux	12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
canonical	ubuntu_linux	14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
debian	debian_linux	7.0	cpe:2.3:o:debian:debian_linux:7.0:::::::*
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=74e98eb085889b0d2d4908f59f6e00026063014f

lists.fedoraproject.org/pipermail/package-announce/2015-October/168447.html

lists.fedoraproject.org/pipermail/package-announce/2015-October/168539.html

lists.fedoraproject.org/pipermail/package-announce/2015-September/167358.html

lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html

lists.opensuse.org/opensuse-updates/2015-12/msg00039.html

www.debian.org/security/2015/dsa-3364

www.openwall.com/lists/oss-security/2015/09/14/3

www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/76767

www.securitytracker.com/id/1034453

www.ubuntu.com/usn/USN-2773-1

www.ubuntu.com/usn/USN-2774-1

www.ubuntu.com/usn/USN-2777-1

bugzilla.redhat.com/show_bug.cgi?id=1263139

github.com/torvalds/linux/commit/74e98eb085889b0d2d4908f59f6e00026063014f

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

AI Score

6.4

Confidence

High

EPSS

Percentile

10.1%

JSON

Related for CVE-2015-6937