CVE-2015-7613

 

Published at: - 19-10-2015 12:59

Last modified: - 21-09-2022 08:44

Total changes: - 2

Description

Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:M/Au:N/C:C/I:C/A:C

 

Verification logic

 

Reference

• [oss-security] 20151001 CVE Request: Unauthorized access to IPC objects with SysV shm-Exploit
• https://github.com/torvalds/linux/commit/b9a532277938798b53178d5a66af6e2915cb27cf
• https://bugzilla.redhat.com/show_bug.cgi?id=1268270
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a532277938798b53178d5a66af6e2915cb27cf
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
• 76977-
• SUSE-SU-2015:2087-
• SUSE-SU-2015:2086-
• SUSE-SU-2015:2091-
• 1034592-
• SUSE-SU-2015:2090-
• 1034094-
• SUSE-SU-2015:2089-
• https://kc.mcafee.com/corporate/index?page=content&id=SB10146
• DSA-3372-
• SUSE-SU-2015:2084-
• SUSE-SU-2015:2085-
• RHSA-2015:2636-
• USN-2792-1-
• USN-2763-1-
• USN-2761-1-
• USN-2764-1-
• USN-2762-1-
• USN-2765-1-
• SUSE-SU-2015:1727-

 

Keywords

NVD

 

CVE-2015-7613

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures