CVE-2015-5364

Severity

78%

Complexity

99%

Confidentiality

115%

The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.

The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.

CVSS 2.0 Base Score 7.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C).

Overview

Type

Linux

First reported 9 years ago

2015-08-31 10:59:00

Last updated 7 years ago

2018-01-05 02:30:00

Affected Software

Linux Kernel

Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 6.5

6.5

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

SUSE-SU-2015:1224

SUSE-SU-2015:1324

openSUSE-SU-2015:1382

SUSE-SU-2015:1478

SUSE-SU-2015:1487

SUSE-SU-2015:1488

SUSE-SU-2015:1489

SUSE-SU-2015:1490

SUSE-SU-2015:1491

SUSE-SU-2015:1592

SUSE-SU-2015:1611

RHSA-2015:1623

RHSA-2015:1778

RHSA-2015:1787

RHSA-2016:0045

RHSA-2016:1096

RHSA-2016:1100

DSA-3313

DSA-3329

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.6

Vendor Advisory

[oss-security] 20150630 CVE Request: UDP checksum DoS

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

75510

1032794

USN-2680-1

USN-2681-1

USN-2682-1

USN-2683-1

USN-2684-1

USN-2713-1

USN-2714-1

RHSA-2016:1225

https://bugzilla.redhat.com/show_bug.cgi?id=1239029

https://github.com/torvalds/linux/commit/beb39db59d14990e401e235faf66a6b9b31240b0

https://twitter.com/grsecurity/status/605854034260426753

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.