CVSS2: 6.9 Medium
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 7 High
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.0004 Low
Percentile: 10.1%

DISPUTED kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles
uid and gid mappings, which allows local users to gain privileges by
establishing a user namespace, waiting for a root process to enter that
namespace with an unsafe uid or gid, and then using the ptrace system call.
NOTE: the vendor states “there is no kernel bug here.”
Author | Note |
---|---|
sbeattie | published fix has been reverted and replaced by upstream commit. Published kernels are not vulnerable to this, the status is tracking the state of the replaced commit coming through the trees. |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | linux | < 3.13.0-103.150 | UNKNOWN |
ubuntu | 15.04 | noarch | linux | < 3.19.0-75.83 | UNKNOWN |
ubuntu | 15.10 | noarch | linux | < 4.2.0-22.27 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-51.72 | UNKNOWN |
ubuntu | 16.10 | noarch | linux | < 4.8.0-28.30 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-trusty | < 3.13.0-103.150~precise1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-utopic | < 3.16.0-57.77~14.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-vivid | < 3.19.0-75.83~14.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-wily | < 4.2.0-22.27~14.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-xenial | < 4.4.0-51.72~14.04.1 | UNKNOWN |
www.openwall.com/lists/oss-security/2015/12/31/5
launchpad.net/bugs/cve/CVE-2015-8709
lkml.org/lkml/2015/12/12/259
nvd.nist.gov/vuln/detail/CVE-2015-8709
security-tracker.debian.org/tracker/CVE-2015-8709
ubuntu.com/security/notices/USN-2847-1
ubuntu.com/security/notices/USN-2848-1
ubuntu.com/security/notices/USN-2849-1
ubuntu.com/security/notices/USN-2850-1
ubuntu.com/security/notices/USN-2851-1
ubuntu.com/security/notices/USN-2852-1
ubuntu.com/security/notices/USN-2853-1
ubuntu.com/security/notices/USN-2854-1
www.cve.org/CVERecord?id=CVE-2015-8709