CVE-2015-6252

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 19-10-2015 12:59

Last modified: - 21-09-2022 08:44

Total changes: - 2

Description

The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:L/Au:N/C:N/I:N/A:P

Low

Attack complexity

Local

Attack vector

Low

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

2.1

Base score

3.9

2.9

Exploitability score

Impact score

Verification logic

Reference

[oss-security] 20150818 Re: CVE request: linux kernel:fd leak in vhost ioctl VHOST_SET_LOG_FD-
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.5
https://github.com/torvalds/linux/commit/7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5
https://bugzilla.redhat.com/show_bug.cgi?id=1251839
SUSE-SU-2016:2074-
76400-
SUSE-SU-2016:0354-
USN-2777-1-
SUSE-SU-2015:2108-
USN-2748-1-
USN-2752-1-
USN-2760-1-
USN-2759-1-
USN-2751-1-
USN-2749-1-
1033666-
SUSE-SU-2015:1727-
DSA-3364-

Keywords

CVE-2015-6252

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2015-6252

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures