CVE-2015-2041

 

Published at: - 21-04-2015 12:59

Last modified: - 21-09-2022 08:44

Total changes: - 2

Description

net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:L/Au:N/C:P/I:P/A:P

 

Verification logic

 

Reference

• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49
• [oss-security] 20150220 CVE-2015-2041 - Linux kernel - incorrect data type in llc2_timeout_table-Mailing List
• https://bugzilla.redhat.com/show_bug.cgi?id=1195350
• https://github.com/torvalds/linux/commit/6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49
• SUSE-SU-2015:0812-Mailing List
• DSA-3237-Third Party Advisory
• 72729-Third Party Advisory, VDB Entry
• SUSE-SU-2015:1478-Mailing List
• openSUSE-SU-2015:1382-Mailing List
• SUSE-SU-2015:1224-Mailing List
• USN-2565-1-Third Party Advisory
• USN-2564-1-Third Party Advisory
• USN-2563-1-Third Party Advisory
• USN-2562-1-Third Party Advisory
• USN-2561-1-Third Party Advisory
• USN-2560-1-Third Party Advisory

 

Keywords

NVD

 

CVE-2015-2041

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures