Lucene search

[email protected]CVE-2015-2042

HistoryApr 21, 2015 - 10:59 a.m.

CVE-2015-2042

2015-04-2110:59:00

CWE-17

[email protected]

web.nvd.nist.gov

cve-2015-2042

linux kernel

sysctl.c

vulnerability

nvd

information security

7.4 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

9.7%

JSON

net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle3.18.7

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	3.18.7

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db27ebb111e9f69efece08e4cb6a34ff980f8896

lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html

www.debian.org/security/2015/dsa-3237

www.openwall.com/lists/oss-security/2015/02/20/20

www.securityfocus.com/bid/72730

www.ubuntu.com/usn/USN-2560-1

www.ubuntu.com/usn/USN-2561-1

www.ubuntu.com/usn/USN-2562-1

www.ubuntu.com/usn/USN-2563-1

www.ubuntu.com/usn/USN-2564-1

www.ubuntu.com/usn/USN-2565-1

bugzilla.redhat.com/show_bug.cgi?id=1195355

github.com/torvalds/linux/commit/db27ebb111e9f69efece08e4cb6a34ff980f8896

7.4 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

9.7%

JSON

Related for CVE-2015-2042

f52 prion1 cvelist1 debiancve1 ubuntucve1 ibm2 securityvulns3 nessus18 ubuntu6 openvas31 mageia3 debian4 osv3 suse4 fedora12