CVE-2015-8543

Severity

69%

Complexity

34%

Confidentiality

165%

CWE-476: NULL Pointer Dereference

The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.

CWE-476: NULL Pointer Dereference

CVSS 3.0 Base Score 7. CVSS Attack Vector: local. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 6.9. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 9 years ago

2015-12-28 11:59:00

Last updated 7 years ago

2018-01-05 02:30:00

Affected Software

Linux Kernel

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9

SUSE-SU-2016:0911

SUSE-SU-2016:1102

SUSE-SU-2016:2074

RHSA-2016:0855

RHSA-2016:2574

RHSA-2016:2584

DSA-3426

DSA-3434

[oss-security] 20151209 Re: CVE request - Android kernel - IPv6 connect cause a denial of service

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

79698

1034892

USN-2886-1

USN-2888-1

USN-2890-1

USN-2890-2

USN-2890-3

https://bugzilla.redhat.com/show_bug.cgi?id=1290475

https://github.com/torvalds/linux/commit/79462ad02e861803b3840cc782248c7359451cd9

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.