CVE-2015-1465

 

Published at: - 05-04-2015 11:59

Last modified: - 26-01-2023 07:54

Total changes: - 3

Description

The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:N/A:C

 

Verification logic

 

Reference

• https://bugzilla.redhat.com/show_bug.cgi?id=1183744
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=df4d92549f23e1c037e83323aff58a21b3de7fe0
• https://github.com/torvalds/linux/commit/df4d92549f23e1c037e83323aff58a21b3de7fe0
• [oss-security] 20150203 Re: CVE request -- Linux kernel - net: DoS due to routing packets to too many different dsts/too fast-Mailing List, Third Party Advisory
• http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.8
• USN-2545-1-Third Party Advisory
• USN-2546-1-Third Party Advisory
• 72435-Third Party Advisory, VDB Entry
• SUSE-SU-2015:1489-Mailing List, Third Party Advisory
• SUSE-SU-2015:1488-Mailing List, Third Party Advisory
• openSUSE-SU-2015:1382-Mailing List, Third Party Advisory
• USN-2563-1-Third Party Advisory
• USN-2562-1-Third Party Advisory
• 1036763-Third Party Advisory, VDB Entry

 

Keywords

NVD

 

CVE-2015-1465

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures