CVSS2: 4.9 Medium (AV:L/AC:L/Au:N/C:N/I:N/A:C)

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |

EPSS: 0.0004 Low (Percentile: 5.1%)

A certain backport in the TCP Fast Open implementation for the Linux kernel
before 3.18 does not properly maintain a count value, which allows local
users to cause a denial of service (system crash) via the Fast Open
feature, as demonstrated by visiting the
chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through
3.16.x kernel builds, including longterm-maintenance releases and ckt (aka
Canonical Kernel Team) builds.

Author | Note |
---|---|
jdstrand | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels; linux-lts-saucy no longer receives official support; linux-lts-quantal no longer receives official support |
henrix | This CVE is specific to stable kernels between 3.10 and 3.16, so Trusty and Utopic are affected. All other series are not. |
thread.gmane.org/gmane.linux.network/359588
www.openwall.com/lists/oss-security/2015/04/14/14
launchpad.net/bugs/cve/CVE-2015-3332
nvd.nist.gov/vuln/detail/CVE-2015-3332
security-tracker.debian.org/tracker/CVE-2015-3332
ubuntu.com/security/notices/USN-2615-1
ubuntu.com/security/notices/USN-2616-1
ubuntu.com/security/notices/USN-2619-1
ubuntu.com/security/notices/USN-2620-1
www.cve.org/CVERecord?id=CVE-2015-3332