CVE Vulnerabilities

CVE-2015-3636

Published: Aug 06, 2015 | Modified: Apr 22, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.9 MEDIUM
AV:L/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2
6 MODERATE
AV:L/AC:H/Au:S/C:C/I:C/A:C
RedHat/V3
Ubuntu
MEDIUM

The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux * 4.0.2 (including)
Red Hat Enterprise Linux 6 RedHat kernel-0:2.6.32-504.30.3.el6 *
Red Hat Enterprise Linux 6.4 Advanced Update Support RedHat kernel-0:2.6.32-358.65.1.el6 *
Red Hat Enterprise Linux 6.5 Extended Update Support RedHat kernel-0:2.6.32-431.61.2.el6 *
Red Hat Enterprise Linux 7 RedHat kernel-rt-0:3.10.0-229.11.1.rt56.141.11.el7_1 *
Red Hat Enterprise Linux 7 RedHat kernel-0:3.10.0-229.11.1.el7 *
Red Hat Enterprise MRG 2 RedHat kernel-rt-1:3.10.0-229.rt56.158.el6rt *
Linux Ubuntu precise *
Linux Ubuntu precise/esm *
Linux Ubuntu trusty *
Linux Ubuntu trusty/esm *
Linux Ubuntu upstream *
Linux Ubuntu utopic *
Linux Ubuntu vivid *
Linux Ubuntu vivid/ubuntu-core *
Linux-2.6 Ubuntu upstream *
Linux-armadaxp Ubuntu precise *
Linux-armadaxp Ubuntu upstream *
Linux-aws Ubuntu upstream *
Linux-ec2 Ubuntu upstream *
Linux-flo Ubuntu esm-apps/xenial *
Linux-flo Ubuntu trusty *
Linux-flo Ubuntu upstream *
Linux-flo Ubuntu utopic *
Linux-flo Ubuntu vivid *
Linux-flo Ubuntu vivid/stable-phone-overlay *
Linux-flo Ubuntu wily *
Linux-flo Ubuntu xenial *
Linux-flo Ubuntu yakkety *
Linux-fsl-imx51 Ubuntu lucid *
Linux-fsl-imx51 Ubuntu upstream *
Linux-gke Ubuntu upstream *
Linux-goldfish Ubuntu esm-apps/xenial *
Linux-goldfish Ubuntu trusty *
Linux-goldfish Ubuntu upstream *
Linux-goldfish Ubuntu utopic *
Linux-goldfish Ubuntu vivid *
Linux-goldfish Ubuntu wily *
Linux-goldfish Ubuntu xenial *
Linux-goldfish Ubuntu yakkety *
Linux-goldfish Ubuntu zesty *
Linux-grouper Ubuntu trusty *
Linux-grouper Ubuntu upstream *
Linux-grouper Ubuntu utopic *
Linux-hwe Ubuntu upstream *
Linux-hwe-edge Ubuntu upstream *
Linux-linaro-omap Ubuntu precise *
Linux-linaro-omap Ubuntu upstream *
Linux-linaro-shared Ubuntu precise *
Linux-linaro-shared Ubuntu upstream *
Linux-linaro-vexpress Ubuntu precise *
Linux-linaro-vexpress Ubuntu upstream *
Linux-lts-quantal Ubuntu precise *
Linux-lts-quantal Ubuntu precise/esm *
Linux-lts-quantal Ubuntu upstream *
Linux-lts-raring Ubuntu precise *
Linux-lts-raring Ubuntu precise/esm *
Linux-lts-raring Ubuntu upstream *
Linux-lts-saucy Ubuntu precise *
Linux-lts-saucy Ubuntu precise/esm *
Linux-lts-saucy Ubuntu upstream *
Linux-lts-trusty Ubuntu precise *
Linux-lts-trusty Ubuntu precise/esm *
Linux-lts-trusty Ubuntu upstream *
Linux-lts-utopic Ubuntu trusty *
Linux-lts-utopic Ubuntu upstream *
Linux-lts-vivid Ubuntu trusty *
Linux-lts-vivid Ubuntu upstream *
Linux-lts-wily Ubuntu upstream *
Linux-lts-xenial Ubuntu upstream *
Linux-maguro Ubuntu trusty *
Linux-maguro Ubuntu upstream *
Linux-mako Ubuntu esm-apps/xenial *
Linux-mako Ubuntu trusty *
Linux-mako Ubuntu upstream *
Linux-mako Ubuntu utopic *
Linux-mako Ubuntu vivid *
Linux-mako Ubuntu vivid/stable-phone-overlay *
Linux-mako Ubuntu wily *
Linux-mako Ubuntu xenial *
Linux-mako Ubuntu yakkety *
Linux-manta Ubuntu trusty *
Linux-manta Ubuntu upstream *
Linux-manta Ubuntu utopic *
Linux-manta Ubuntu vivid *
Linux-manta Ubuntu wily *
Linux-mvl-dove Ubuntu lucid *
Linux-mvl-dove Ubuntu upstream *
Linux-qcm-msm Ubuntu lucid *
Linux-qcm-msm Ubuntu precise *
Linux-qcm-msm Ubuntu upstream *
Linux-raspi2 Ubuntu upstream *
Linux-raspi2 Ubuntu vivid/ubuntu-core *
Linux-snapdragon Ubuntu upstream *
Linux-ti-omap4 Ubuntu precise *
Linux-ti-omap4 Ubuntu upstream *

References