Lucene search

[email protected]NVD:CVE-2015-8539

HistoryFeb 08, 2016 - 3:59 a.m.

CVE-2015-8539

2016-02-0803:59:03

CWE-269

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.1%

JSON

The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c.

Affected configurations

NVD

Node

canonicalubuntu_linuxMatch12.04-

canonicalubuntu_linuxMatch14.04esm

suselinux_enterprise_real_time_extensionMatch12sp1

Node

linuxlinux_kernelRange<4.4

linuxlinux_kernelMatch4.4rc1

linuxlinux_kernelMatch4.4rc2

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096fe9eaea40a17e125569f9e657e34cdb6d73bd

lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00008.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00011.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html

www.openwall.com/lists/oss-security/2015/12/09/1

access.redhat.com/errata/RHSA-2018:0151

access.redhat.com/errata/RHSA-2018:0152

access.redhat.com/errata/RHSA-2018:0181

bugzilla.redhat.com/show_bug.cgi?id=1284450

github.com/torvalds/linux/commit/096fe9eaea40a17e125569f9e657e34cdb6d73bd

usn.ubuntu.com/3798-1/

usn.ubuntu.com/3798-2/

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.1%

JSON

Related for NVD:CVE-2015-8539

ubuntucve1 debiancve1 prion1 suse20 cvelist1 veracode1 nessus18 virtuozzo1 cve1 redhat3 centos1 openvas12 oraclelinux1 ubuntu2 ibm2