Lucene search

K

[email protected]NVD:CVE-2015-1420

HistoryMar 16, 2015 - 10:59 a.m.

CVE-2015-1420

2015-03-1610:59:06

CWE-362

[email protected]

web.nvd.nist.gov

1

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0

Percentile

10.1%

Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.

Affected configurations

NVD

Node

debiandebian_linuxMatch7.0

Node

linuxlinux_kernelRange≤3.18.9

References

lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html

lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html

lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html

lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html

lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html

marc.info/?l=linux-kernel&m=142247707318982&w=2

www.debian.org/security/2015/dsa-3170

www.openwall.com/lists/oss-security/2015/01/29/12

www.securityfocus.com/bid/72357

www.ubuntu.com/usn/USN-2660-1

www.ubuntu.com/usn/USN-2661-1

www.ubuntu.com/usn/USN-2665-1

www.ubuntu.com/usn/USN-2667-1

bugzilla.redhat.com/show_bug.cgi?id=1187534

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0

Percentile

10.1%

Related for NVD:CVE-2015-1420

f52 debiancve1 ubuntu8 fedora9 kaspersky1 nessus23 cloudfoundry1 openvas26 ubuntucve1 cve1 cvelist1 prion1 securityvulns4 oraclelinux2 osv1 debian1 suse6