CVE-2015-3636

 

Published at: - 06-08-2015 03:59

Last modified: - 21-09-2022 08:44

Total changes: - 2

Description

The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:L/Au:N/C:N/I:N/A:C

 

Verification logic

 

Reference

• [oss-security] 20150502 CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam-
• http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326
• https://bugzilla.redhat.com/show_bug.cgi?id=1218074
• https://github.com/torvalds/linux/commit/a134f083e79fb4c3d0a925691e732c56911b4326
• DSA-3290-
• RHSA-2015:1564-
• USN-2631-1-
• USN-2632-1-
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
• 74450-
• USN-2634-1-
• USN-2633-1-
• FEDORA-2015-7736-
• FEDORA-2015-7784-
• FEDORA-2015-8518-
• SUSE-SU-2015:1478-
• SUSE-SU-2015:1491-
• SUSE-SU-2015:1489-
• SUSE-SU-2015:1488-
• SUSE-SU-2015:1487-
• openSUSE-SU-2015:1382-
• SUSE-SU-2015:1224-
• 1033186-
• RHSA-2015:1643-
• RHSA-2015:1583-
• RHSA-2015:1534-
• RHSA-2015:1221-

 

Keywords

NVD

 

CVE-2015-3636

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures